/**
 * WinPR: Windows Portable Runtime
 * Security Support Provider Interface (SSPI)
 *
 * Copyright 2012-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef WINPR_SSPI_H
#define WINPR_SSPI_H

#include <winpr/winpr.h>
#include <winpr/wtypes.h>
#include <winpr/windows.h>
#include <winpr/security.h>

/*
 * On Win32 the platform SSPI headers are used directly. Everything guarded by
 * `#if !defined(_WIN32) || defined(_UWP)` below re-declares the same types and
 * constants for non-Windows (and UWP) builds, so the two must stay in sync.
 */
#ifdef _WIN32

#include <tchar.h>
#include <winerror.h>

#define SECURITY_WIN32
#include <sspi.h>
#include <security.h>

#endif

#if !defined(_WIN32) || defined(_UWP)

/* Calling-convention decoration for SSPI entry points; empty off Windows. */
#ifndef SEC_ENTRY
#define SEC_ENTRY
#endif

typedef CHAR SEC_CHAR;
typedef WCHAR SEC_WCHAR;

/* 64-bit quantity split into two 32-bit halves; used as TimeStamp below. */
struct _SECURITY_INTEGER
{
	UINT32 LowPart;
	INT32 HighPart;
};
typedef struct _SECURITY_INTEGER SECURITY_INTEGER;

typedef SECURITY_INTEGER TimeStamp;
typedef SECURITY_INTEGER* PTimeStamp;

/* Status type returned by every SSPI call; see the SEC_E_*/SEC_I_* codes. */
#ifndef __SECSTATUS_DEFINED__
typedef LONG SECURITY_STATUS;
#define __SECSTATUS_DEFINED__
#endif

/*
 * Description of one security package (ANSI variant).
 * fCapabilities is a mask of SECPKG_FLAG_* bits; cbMaxToken is the token
 * size the package reports — presumably what callers size token buffers
 * from. Name/Comment are package-owned strings.
 */
struct _SecPkgInfoA
{
	UINT32 fCapabilities;
	UINT16 wVersion;
	UINT16 wRPCID;
	UINT32 cbMaxToken;
	SEC_CHAR* Name;
	SEC_CHAR* Comment;
};
typedef struct _SecPkgInfoA SecPkgInfoA;
typedef SecPkgInfoA* PSecPkgInfoA;

/* Wide-character variant of SecPkgInfoA; same layout apart from the strings. */
struct _SecPkgInfoW
{
	UINT32 fCapabilities;
	UINT16 wVersion;
	UINT16 wRPCID;
	UINT32 cbMaxToken;
	SEC_WCHAR* Name;
	SEC_WCHAR* Comment;
};
typedef struct _SecPkgInfoW SecPkgInfoW;
typedef SecPkgInfoW* PSecPkgInfoW;

/* UNICODE selects the W or A spelling of the un-suffixed name. */
#ifdef UNICODE
#define SecPkgInfo SecPkgInfoW
#define PSecPkgInfo PSecPkgInfoW
#else
#define SecPkgInfo SecPkgInfoA
#define PSecPkgInfo PSecPkgInfoA
#endif

#endif

/* Package names accepted by the package-management calls (TCHAR literals). */
#define NTLM_SSP_NAME _T("NTLM")
#define KERBEROS_SSP_NAME _T("Kerberos")
#define NEGO_SSP_NAME _T("Negotiate")

#define SECPKG_ID_NONE 0xFFFF

/* SecPkgInfo::fCapabilities bits. */
#define SECPKG_FLAG_INTEGRITY 0x00000001
#define SECPKG_FLAG_PRIVACY 0x00000002
#define SECPKG_FLAG_TOKEN_ONLY 0x00000004
#define SECPKG_FLAG_DATAGRAM 0x00000008
#define SECPKG_FLAG_CONNECTION 0x00000010
#define SECPKG_FLAG_MULTI_REQUIRED 0x00000020
#define SECPKG_FLAG_CLIENT_ONLY 0x00000040
#define SECPKG_FLAG_EXTENDED_ERROR 0x00000080
#define SECPKG_FLAG_IMPERSONATION 0x00000100
#define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200
#define SECPKG_FLAG_STREAM 0x00000400
#define SECPKG_FLAG_NEGOTIABLE 0x00000800
#define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000
#define SECPKG_FLAG_LOGON 0x00002000
#define SECPKG_FLAG_ASCII_BUFFERS 0x00004000
#define SECPKG_FLAG_FRAGMENT 0x00008000
#define SECPKG_FLAG_MUTUAL_AUTH 0x00010000
#define SECPKG_FLAG_DELEGATION 0x00020000
#define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000
#define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000
#define SECPKG_FLAG_NEGO_EXTENDER 0x00100000
#define SECPKG_FLAG_NEGOTIABLE2 0x00200000

/*
 * SSPI status codes, only when the platform winerror.h has not provided them.
 * SEC_E_* (0x8009xxxx, severity bit set) are failures; SEC_I_* (0x0009xxxx)
 * are informational successes. Each expands to a cast expression, so the
 * macros work in ordinary code but cannot be used in `#if` arithmetic.
 */
#ifndef _WINERROR_

#define SEC_E_OK (SECURITY_STATUS)0x00000000L
#define SEC_E_INSUFFICIENT_MEMORY (SECURITY_STATUS)0x80090300L
#define SEC_E_INVALID_HANDLE (SECURITY_STATUS)0x80090301L
#define SEC_E_UNSUPPORTED_FUNCTION (SECURITY_STATUS)0x80090302L
#define SEC_E_TARGET_UNKNOWN (SECURITY_STATUS)0x80090303L
#define SEC_E_INTERNAL_ERROR (SECURITY_STATUS)0x80090304L
#define SEC_E_SECPKG_NOT_FOUND (SECURITY_STATUS)0x80090305L
#define SEC_E_NOT_OWNER (SECURITY_STATUS)0x80090306L
#define SEC_E_CANNOT_INSTALL (SECURITY_STATUS)0x80090307L
#define SEC_E_INVALID_TOKEN (SECURITY_STATUS)0x80090308L
#define SEC_E_CANNOT_PACK (SECURITY_STATUS)0x80090309L
#define SEC_E_QOP_NOT_SUPPORTED (SECURITY_STATUS)0x8009030AL
#define SEC_E_NO_IMPERSONATION (SECURITY_STATUS)0x8009030BL
#define SEC_E_LOGON_DENIED (SECURITY_STATUS)0x8009030CL
#define SEC_E_UNKNOWN_CREDENTIALS (SECURITY_STATUS)0x8009030DL
#define SEC_E_NO_CREDENTIALS (SECURITY_STATUS)0x8009030EL
/* Integrity check on a signed/sealed message failed. */
#define SEC_E_MESSAGE_ALTERED (SECURITY_STATUS)0x8009030FL
/* Sequence-number mismatch on a signed/sealed message. */
#define SEC_E_OUT_OF_SEQUENCE (SECURITY_STATUS)0x80090310L
#define SEC_E_NO_AUTHENTICATING_AUTHORITY (SECURITY_STATUS)0x80090311L
#define SEC_E_BAD_PKGID (SECURITY_STATUS)0x80090316L
#define SEC_E_CONTEXT_EXPIRED (SECURITY_STATUS)0x80090317L
#define SEC_E_INCOMPLETE_MESSAGE (SECURITY_STATUS)0x80090318L
#define SEC_E_INCOMPLETE_CREDENTIALS (SECURITY_STATUS)0x80090320L
#define SEC_E_BUFFER_TOO_SMALL (SECURITY_STATUS)0x80090321L
#define SEC_E_WRONG_PRINCIPAL (SECURITY_STATUS)0x80090322L
#define SEC_E_TIME_SKEW (SECURITY_STATUS)0x80090324L
#define SEC_E_UNTRUSTED_ROOT (SECURITY_STATUS)0x80090325L
#define SEC_E_ILLEGAL_MESSAGE (SECURITY_STATUS)0x80090326L
#define SEC_E_CERT_UNKNOWN (SECURITY_STATUS)0x80090327L
#define SEC_E_CERT_EXPIRED (SECURITY_STATUS)0x80090328L
#define SEC_E_ENCRYPT_FAILURE (SECURITY_STATUS)0x80090329L
#define SEC_E_DECRYPT_FAILURE (SECURITY_STATUS)0x80090330L
#define SEC_E_ALGORITHM_MISMATCH (SECURITY_STATUS)0x80090331L
#define SEC_E_SECURITY_QOS_FAILED (SECURITY_STATUS)0x80090332L
#define SEC_E_UNFINISHED_CONTEXT_DELETED (SECURITY_STATUS)0x80090333L
#define SEC_E_NO_TGT_REPLY (SECURITY_STATUS)0x80090334L
#define SEC_E_NO_IP_ADDRESSES (SECURITY_STATUS)0x80090335L
#define SEC_E_WRONG_CREDENTIAL_HANDLE (SECURITY_STATUS)0x80090336L
#define SEC_E_CRYPTO_SYSTEM_INVALID (SECURITY_STATUS)0x80090337L
#define SEC_E_MAX_REFERRALS_EXCEEDED (SECURITY_STATUS)0x80090338L
#define SEC_E_MUST_BE_KDC (SECURITY_STATUS)0x80090339L
#define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED (SECURITY_STATUS)0x8009033AL
#define SEC_E_TOO_MANY_PRINCIPALS (SECURITY_STATUS)0x8009033BL
#define SEC_E_NO_PA_DATA (SECURITY_STATUS)0x8009033CL
#define SEC_E_PKINIT_NAME_MISMATCH (SECURITY_STATUS)0x8009033DL
#define SEC_E_SMARTCARD_LOGON_REQUIRED (SECURITY_STATUS)0x8009033EL
#define SEC_E_SHUTDOWN_IN_PROGRESS (SECURITY_STATUS)0x8009033FL
#define SEC_E_KDC_INVALID_REQUEST (SECURITY_STATUS)0x80090340L
#define SEC_E_KDC_UNABLE_TO_REFER (SECURITY_STATUS)0x80090341L
#define SEC_E_KDC_UNKNOWN_ETYPE (SECURITY_STATUS)0x80090342L
#define SEC_E_UNSUPPORTED_PREAUTH (SECURITY_STATUS)0x80090343L
#define SEC_E_DELEGATION_REQUIRED (SECURITY_STATUS)0x80090345L
/* Channel-binding (e.g. TLS endpoint binding) check failed. */
#define SEC_E_BAD_BINDINGS (SECURITY_STATUS)0x80090346L
#define SEC_E_MULTIPLE_ACCOUNTS (SECURITY_STATUS)0x80090347L
#define SEC_E_NO_KERB_KEY (SECURITY_STATUS)0x80090348L
#define SEC_E_CERT_WRONG_USAGE (SECURITY_STATUS)0x80090349L
/* Package refused a negotiation that would weaken the agreed protection. */
#define SEC_E_DOWNGRADE_DETECTED (SECURITY_STATUS)0x80090350L
#define SEC_E_SMARTCARD_CERT_REVOKED (SECURITY_STATUS)0x80090351L
#define SEC_E_ISSUING_CA_UNTRUSTED (SECURITY_STATUS)0x80090352L
#define SEC_E_REVOCATION_OFFLINE_C (SECURITY_STATUS)0x80090353L
#define SEC_E_PKINIT_CLIENT_FAILURE (SECURITY_STATUS)0x80090354L
#define SEC_E_SMARTCARD_CERT_EXPIRED (SECURITY_STATUS)0x80090355L
#define SEC_E_NO_S4U_PROT_SUPPORT (SECURITY_STATUS)0x80090356L
#define SEC_E_CROSSREALM_DELEGATION_FAILURE (SECURITY_STATUS)0x80090357L
#define SEC_E_REVOCATION_OFFLINE_KDC (SECURITY_STATUS)0x80090358L
#define SEC_E_ISSUING_CA_UNTRUSTED_KDC (SECURITY_STATUS)0x80090359L
#define SEC_E_KDC_CERT_EXPIRED (SECURITY_STATUS)0x8009035AL
#define SEC_E_KDC_CERT_REVOKED (SECURITY_STATUS)0x8009035BL
#define SEC_E_INVALID_PARAMETER (SECURITY_STATUS)0x8009035DL
#define SEC_E_DELEGATION_POLICY (SECURITY_STATUS)0x8009035EL
/* "NLTM" is the spelling used by the Windows SDK for this code; keep it as-is. */
#define SEC_E_POLICY_NLTM_ONLY (SECURITY_STATUS)0x8009035FL
#define SEC_E_NO_CONTEXT (SECURITY_STATUS)0x80090361L
#define SEC_E_PKU2U_CERT_FAILURE (SECURITY_STATUS)0x80090362L
#define SEC_E_MUTUAL_AUTH_FAILED (SECURITY_STATUS)0x80090363L

/*
 * Informational (non-failure) codes. SEC_I_CONTINUE_NEEDED and friends are
 * returned by Initialize/AcceptSecurityContext while the handshake is still
 * in progress — a context is not established until the call returns SEC_E_OK.
 */
#define SEC_I_CONTINUE_NEEDED (SECURITY_STATUS)0x00090312L
#define SEC_I_COMPLETE_NEEDED (SECURITY_STATUS)0x00090313L
#define SEC_I_COMPLETE_AND_CONTINUE (SECURITY_STATUS)0x00090314L
#define SEC_I_LOCAL_LOGON (SECURITY_STATUS)0x00090315L
#define SEC_I_CONTEXT_EXPIRED (SECURITY_STATUS)0x00090317L
#define SEC_I_INCOMPLETE_CREDENTIALS (SECURITY_STATUS)0x00090320L
#define SEC_I_RENEGOTIATE (SECURITY_STATUS)0x00090321L
#define SEC_I_NO_LSA_CONTEXT (SECURITY_STATUS)0x00090323L
#define SEC_I_SIGNATURE_NEEDED (SECURITY_STATUS)0x0009035CL
#define SEC_I_NO_RENEGOTIATION (SECURITY_STATUS)0x00090360L

#endif

/* TargetDataRep values for Initialize/AcceptSecurityContext. */
#define SECURITY_NATIVE_DREP 0x00000010
#define SECURITY_NETWORK_DREP 0x00000000

/* fCredentialUse values for AcquireCredentialsHandle / AddCredentials. */
#define SECPKG_CRED_INBOUND 0x00000001
#define SECPKG_CRED_OUTBOUND 0x00000002
#define SECPKG_CRED_BOTH 0x00000003
#define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010
#define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020

/* Security Context Attributes */

/*
 * ulAttribute selectors for QueryContextAttributes / SetContextAttributes.
 * Each selects the SecPkgContext_* structure that pBuffer points at.
 */
#define SECPKG_ATTR_SIZES 0
#define SECPKG_ATTR_NAMES 1
#define SECPKG_ATTR_LIFESPAN 2
#define SECPKG_ATTR_DCE_INFO 3
#define SECPKG_ATTR_STREAM_SIZES 4
#define SECPKG_ATTR_KEY_INFO 5
#define SECPKG_ATTR_AUTHORITY 6
#define SECPKG_ATTR_PROTO_INFO 7
#define SECPKG_ATTR_PASSWORD_EXPIRY 8
#define SECPKG_ATTR_SESSION_KEY 9
#define SECPKG_ATTR_PACKAGE_INFO 10
#define SECPKG_ATTR_USER_FLAGS 11
#define SECPKG_ATTR_NEGOTIATION_INFO 12
#define SECPKG_ATTR_NATIVE_NAMES 13
#define SECPKG_ATTR_FLAGS 14
#define SECPKG_ATTR_USE_VALIDATED 15
#define SECPKG_ATTR_CREDENTIAL_NAME 16
#define SECPKG_ATTR_TARGET_INFORMATION 17
#define SECPKG_ATTR_ACCESS_TOKEN 18
#define SECPKG_ATTR_TARGET 19
#define SECPKG_ATTR_AUTHENTICATION_ID 20
#define SECPKG_ATTR_LOGOFF_TIME 21
#define SECPKG_ATTR_NEGO_KEYS 22
/* 23 and 28-29 are intentionally absent; the numbering follows the SDK. */
#define SECPKG_ATTR_PROMPTING_NEEDED 24
#define SECPKG_ATTR_UNIQUE_BINDINGS 25
#define SECPKG_ATTR_ENDPOINT_BINDINGS 26
#define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27
#define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30
#define SECPKG_ATTR_NEGO_PKG_INFO 31
#define SECPKG_ATTR_NEGO_STATUS 32
#define SECPKG_ATTR_CONTEXT_DELETED 33

#if !defined(_WIN32) || defined(_UWP)

/*
 * Context-attribute payloads (one per SECPKG_ATTR_* selector above).
 * Layouts mirror the SDK; field order is part of the ABI, so do not reorder.
 */

/* SECPKG_ATTR_ACCESS_TOKEN: opaque token handle for the authenticated party. */
struct _SecPkgContext_AccessToken
{
	void* AccessToken;
};
typedef struct _SecPkgContext_AccessToken SecPkgContext_AccessToken;

struct _SecPkgContext_SessionAppData
{
	UINT32 dwFlags;
	UINT32 cbAppData;
	BYTE* pbAppData;
};
typedef struct _SecPkgContext_SessionAppData SecPkgContext_SessionAppData;

/* SECPKG_ATTR_AUTHORITY: name of the authority that validated the context. */
struct _SecPkgContext_Authority
{
	char* sAuthorityName;
};
typedef struct _SecPkgContext_Authority SecPkgContext_Authority;

/* SECPKG_ATTR_CLIENT_SPECIFIED_TARGET: the target name the client asked for. */
struct _SecPkgContext_ClientSpecifiedTarget
{
	char* sTargetName;
};
typedef struct _SecPkgContext_ClientSpecifiedTarget SecPkgContext_ClientSpecifiedTarget;

typedef UINT32 ALG_ID;

/* Negotiated protocol, cipher, hash and key-exchange algorithms with strengths. */
struct _SecPkgContext_ConnectionInfo
{
	UINT32 dwProtocol;
	ALG_ID aiCipher;
	UINT32 dwCipherStrength;
	ALG_ID aiHash;
	UINT32 dwHashStrength;
	ALG_ID aiExch;
	UINT32 dwExchStrength;
};
typedef struct _SecPkgContext_ConnectionInfo SecPkgContext_ConnectionInfo;

/* Raw client authentication buffer and its length. */
struct _SecPkgContext_ClientCreds
{
	UINT32 AuthBufferLen;
	BYTE* AuthBuffer;
};
typedef struct _SecPkgContext_ClientCreds SecPkgContext_ClientCreds;

/*
 * SECPKG_ATTR_DCE_INFO. The tag is missing the 't' of "Context"; it is
 * kept as-is because the name is part of the exported interface.
 */
struct _SecPkgContex_DceInfo
{
	UINT32 AuthzSvc;
	void* pPac;
};
typedef struct _SecPkgContex_DceInfo SecPkgContex_DceInfo;

/*
 * Channel bindings: lengths and offsets of the initiator address, acceptor
 * address and application data. The offsets are presumably relative to the
 * start of this structure, as in the SDK layout — confirm against the
 * producer before relying on it.
 */
struct _SEC_CHANNEL_BINDINGS
{
	UINT32 dwInitiatorAddrType;
	UINT32 cbInitiatorLength;
	UINT32 dwInitiatorOffset;
	UINT32 dwAcceptorAddrType;
	UINT32 cbAcceptorLength;
	UINT32 dwAcceptorOffset;
	UINT32 cbApplicationDataLength;
	UINT32 dwApplicationDataOffset;
};
typedef struct _SEC_CHANNEL_BINDINGS SEC_CHANNEL_BINDINGS;

/* SECPKG_ATTR_UNIQUE_BINDINGS / SECPKG_ATTR_ENDPOINT_BINDINGS payload. */
struct _SecPkgContext_Bindings
{
	UINT32 BindingsLength;
	SEC_CHANNEL_BINDINGS* Bindings;
};
typedef struct _SecPkgContext_Bindings SecPkgContext_Bindings;

/* Fixed-size EAP key block: 128 bytes of keys, 64 bytes of IVs (key material). */
struct _SecPkgContext_EapKeyBlock
{
	BYTE rgbKeys[128];
	BYTE rgbIVs[64];
};
typedef struct _SecPkgContext_EapKeyBlock SecPkgContext_EapKeyBlock;

/* SECPKG_ATTR_FLAGS: the negotiated ISC_RET_* / ASC_RET_* attribute bits. */
struct _SecPkgContext_Flags
{
	UINT32 Flags;
};
typedef struct _SecPkgContext_Flags SecPkgContext_Flags;

/* SECPKG_ATTR_KEY_INFO: algorithm names/ids and key size in use. */
struct _SecPkgContext_KeyInfo
{
	char* sSignatureAlgorithmName;
	char* sEncryptAlgorithmName;
	UINT32 KeySize;
	UINT32 SignatureAlgorithm;
	UINT32 EncryptAlgorithm;
};
typedef struct _SecPkgContext_KeyInfo SecPkgContext_KeyInfo;

/* SECPKG_ATTR_LIFESPAN: validity window of the context. */
struct _SecPkgContext_Lifespan
{
	TimeStamp tsStart;
	TimeStamp tsExpiry;
};
typedef struct _SecPkgContext_Lifespan SecPkgContext_Lifespan;

/* SECPKG_ATTR_NAMES. */
struct _SecPkgContext_Names
{
	char* sUserName;
};
typedef struct _SecPkgContext_Names SecPkgContext_Names;

/* SECPKG_ATTR_NATIVE_NAMES. */
struct _SecPkgContext_NativeNames
{
	char* sClientName;
	char* sServerName;
};
typedef struct _SecPkgContext_NativeNames SecPkgContext_NativeNames;

/*
 * SECPKG_ATTR_NEGOTIATION_INFO. PackageInfo uses the UNICODE-selected
 * SecPkgInfo alias, so its string width follows the build configuration.
 */
struct _SecPkgContext_NegotiationInfo
{
	SecPkgInfo* PackageInfo;
	UINT32 NegotiationState;
};
typedef struct _SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfo;

/* SECPKG_ATTR_PACKAGE_INFO. */
struct _SecPkgContext_PackageInfo
{
	SecPkgInfo* PackageInfo;
};
typedef struct _SecPkgContext_PackageInfo SecPkgContext_PackageInfo;

/* SECPKG_ATTR_PASSWORD_EXPIRY. */
struct _SecPkgContext_PasswordExpiry
{
	TimeStamp tsPasswordExpires;
};
typedef struct _SecPkgContext_PasswordExpiry SecPkgContext_PasswordExpiry;

/*
 * SECPKG_ATTR_SESSION_KEY: raw session key bytes and their length. This is
 * secret key material; code that copies it should wipe its copy when done.
 */
struct _SecPkgContext_SessionKey
{
	UINT32 SessionKeyLength;
	BYTE* SessionKey;
};
typedef struct _SecPkgContext_SessionKey SecPkgContext_SessionKey;

/* Session identifier: cbSessionId bytes stored inline in rgbSessionId (max 32). */
struct _SecPkgContext_SessionInfo
{
	UINT32 dwFlags;
	UINT32 cbSessionId;
	BYTE rgbSessionId[32];
};
typedef struct _SecPkgContext_SessionInfo SecPkgContext_SessionInfo;

/*
 * SECPKG_ATTR_SIZES: per-context buffer requirements. Presumably the sizes
 * a caller must reserve for tokens, signatures and the encryption trailer
 * before calling MakeSignature / EncryptMessage — verify against the package.
 */
struct _SecPkgContext_Sizes
{
	UINT32 cbMaxToken;
	UINT32 cbMaxSignature;
	UINT32 cbBlockSize;
	UINT32 cbSecurityTrailer;
};
typedef struct _SecPkgContext_Sizes SecPkgContext_Sizes;

/* SECPKG_ATTR_STREAM_SIZES: header/trailer/message sizes for stream packages. */
struct _SecPkgContext_StreamSizes
{
	UINT32 cbHeader;
	UINT32 cbTrailer;
	UINT32 cbMaximumMessage;
	UINT32 cBuffers;
	UINT32 cbBlockSize;
};
typedef struct _SecPkgContext_StreamSizes SecPkgContext_StreamSizes;

struct _SecPkgContext_SubjectAttributes
{
	void* AttributeInfo;
};
typedef struct _SecPkgContext_SubjectAttributes SecPkgContext_SubjectAttributes;

/* cSignatureAndHashAlgorithms entries at pSignatureAndHashAlgorithms. */
struct _SecPkgContext_SupportedSignatures
{
	UINT16 cSignatureAndHashAlgorithms;
	UINT16* pSignatureAndHashAlgorithms;
};
typedef struct _SecPkgContext_SupportedSignatures SecPkgContext_SupportedSignatures;

/* SECPKG_ATTR_TARGET_INFORMATION: marshalled target info blob and length. */
struct _SecPkgContext_TargetInformation
{
	UINT32 MarshalledTargetInfoLength;
	BYTE* MarshalledTargetInfo;
};
typedef struct _SecPkgContext_TargetInformation SecPkgContext_TargetInformation;

/* Security Credentials Attributes */

/* ulAttribute selector for QueryCredentialsAttributes. */
#define SECPKG_CRED_ATTR_NAMES 1

struct _SecPkgCredentials_NamesA
{
	SEC_CHAR* sUserName;
};
typedef struct _SecPkgCredentials_NamesA SecPkgCredentials_NamesA;
typedef SecPkgCredentials_NamesA* PSecPkgCredentials_NamesA;

struct _SecPkgCredentials_NamesW
{
	SEC_WCHAR* sUserName;
};
typedef struct _SecPkgCredentials_NamesW SecPkgCredentials_NamesW;
typedef SecPkgCredentials_NamesW* PSecPkgCredentials_NamesW;

#ifdef UNICODE
#define SecPkgCredentials_Names SecPkgCredentials_NamesW
#define PSecPkgCredentials_Names PSecPkgCredentials_NamesW
#else
#define SecPkgCredentials_Names SecPkgCredentials_NamesA
#define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
#endif

#endif

/* InitializeSecurityContext Flags */

/*
 * ISC_REQ_* are the fContextReq bits a client asks for; ISC_RET_* are the
 * pfContextAttr bits actually granted. The two spaces are not identical
 * (e.g. ISC_REQ_CALL_LEVEL is 0x00001000 but ISC_RET_CALL_LEVEL is
 * 0x00002000), so never pass a REQ mask where a RET mask is compared.
 * Callers that need integrity/replay/sequence protection should check the
 * returned attributes rather than assume the request was honoured.
 */
#define ISC_REQ_DELEGATE 0x00000001
#define ISC_REQ_MUTUAL_AUTH 0x00000002
#define ISC_REQ_REPLAY_DETECT 0x00000004
#define ISC_REQ_SEQUENCE_DETECT 0x00000008
#define ISC_REQ_CONFIDENTIALITY 0x00000010
#define ISC_REQ_USE_SESSION_KEY 0x00000020
#define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
#define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
#define ISC_REQ_ALLOCATE_MEMORY 0x00000100
#define ISC_REQ_USE_DCE_STYLE 0x00000200
#define ISC_REQ_DATAGRAM 0x00000400
#define ISC_REQ_CONNECTION 0x00000800
#define ISC_REQ_CALL_LEVEL 0x00001000
#define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
#define ISC_REQ_EXTENDED_ERROR 0x00004000
#define ISC_REQ_STREAM 0x00008000
#define ISC_REQ_INTEGRITY 0x00010000
#define ISC_REQ_IDENTIFY 0x00020000
#define ISC_REQ_NULL_SESSION 0x00040000
#define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_REQ_RESERVED1 0x00100000
#define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
#define ISC_REQ_FORWARD_CREDENTIALS 0x00400000
#define ISC_REQ_NO_INTEGRITY 0x00800000
#define ISC_REQ_USE_HTTP_STYLE 0x01000000

#define ISC_RET_DELEGATE 0x00000001
#define ISC_RET_MUTUAL_AUTH 0x00000002
#define ISC_RET_REPLAY_DETECT 0x00000004
#define ISC_RET_SEQUENCE_DETECT 0x00000008
#define ISC_RET_CONFIDENTIALITY 0x00000010
#define ISC_RET_USE_SESSION_KEY 0x00000020
#define ISC_RET_USED_COLLECTED_CREDS 0x00000040
#define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
#define ISC_RET_ALLOCATED_MEMORY 0x00000100
#define ISC_RET_USED_DCE_STYLE 0x00000200 517 #define ISC_RET_DATAGRAM 0x00000400 518 #define ISC_RET_CONNECTION 0x00000800 519 #define ISC_RET_INTERMEDIATE_RETURN 0x00001000 520 #define ISC_RET_CALL_LEVEL 0x00002000 521 #define ISC_RET_EXTENDED_ERROR 0x00004000 522 #define ISC_RET_STREAM 0x00008000 523 #define ISC_RET_INTEGRITY 0x00010000 524 #define ISC_RET_IDENTIFY 0x00020000 525 #define ISC_RET_NULL_SESSION 0x00040000 526 #define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000 527 #define ISC_RET_RESERVED1 0x00100000 528 #define ISC_RET_FRAGMENT_ONLY 0x00200000 529 #define ISC_RET_FORWARD_CREDENTIALS 0x00400000 530 #define ISC_RET_USED_HTTP_STYLE 0x01000000 531 532 /* AcceptSecurityContext Flags */ 533 534 #define ASC_REQ_DELEGATE 0x00000001 535 #define ASC_REQ_MUTUAL_AUTH 0x00000002 536 #define ASC_REQ_REPLAY_DETECT 0x00000004 537 #define ASC_REQ_SEQUENCE_DETECT 0x00000008 538 #define ASC_REQ_CONFIDENTIALITY 0x00000010 539 #define ASC_REQ_USE_SESSION_KEY 0x00000020 540 #define ASC_REQ_ALLOCATE_MEMORY 0x00000100 541 #define ASC_REQ_USE_DCE_STYLE 0x00000200 542 #define ASC_REQ_DATAGRAM 0x00000400 543 #define ASC_REQ_CONNECTION 0x00000800 544 #define ASC_REQ_CALL_LEVEL 0x00001000 545 #define ASC_REQ_EXTENDED_ERROR 0x00008000 546 #define ASC_REQ_STREAM 0x00010000 547 #define ASC_REQ_INTEGRITY 0x00020000 548 #define ASC_REQ_LICENSING 0x00040000 549 #define ASC_REQ_IDENTIFY 0x00080000 550 #define ASC_REQ_ALLOW_NULL_SESSION 0x00100000 551 #define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000 552 #define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000 553 #define ASC_REQ_FRAGMENT_TO_FIT 0x00800000 554 #define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000 555 #define ASC_REQ_NO_TOKEN 0x01000000 556 #define ASC_REQ_PROXY_BINDINGS 0x04000000 557 #define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000 558 559 #define ASC_RET_DELEGATE 0x00000001 560 #define ASC_RET_MUTUAL_AUTH 0x00000002 561 #define ASC_RET_REPLAY_DETECT 0x00000004 562 #define ASC_RET_SEQUENCE_DETECT 0x00000008 563 #define 
ASC_RET_CONFIDENTIALITY 0x00000010 564 #define ASC_RET_USE_SESSION_KEY 0x00000020 565 #define ASC_RET_ALLOCATED_MEMORY 0x00000100 566 #define ASC_RET_USED_DCE_STYLE 0x00000200 567 #define ASC_RET_DATAGRAM 0x00000400 568 #define ASC_RET_CONNECTION 0x00000800 569 #define ASC_RET_CALL_LEVEL 0x00002000 570 #define ASC_RET_THIRD_LEG_FAILED 0x00004000 571 #define ASC_RET_EXTENDED_ERROR 0x00008000 572 #define ASC_RET_STREAM 0x00010000 573 #define ASC_RET_INTEGRITY 0x00020000 574 #define ASC_RET_LICENSING 0x00040000 575 #define ASC_RET_IDENTIFY 0x00080000 576 #define ASC_RET_NULL_SESSION 0x00100000 577 #define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000 578 #define ASC_RET_FRAGMENT_ONLY 0x00800000 579 #define ASC_RET_NO_TOKEN 0x01000000 580 #define ASC_RET_NO_PROXY_BINDINGS 0x04000000 581 #define ASC_RET_MISSING_BINDINGS 0x10000000 582 583 #define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1 584 #define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2 585 586 #if !defined(_WIN32) || defined(_UWP) 587 588 #ifndef _AUTH_IDENTITY_DEFINED 589 #define _AUTH_IDENTITY_DEFINED 590 591 typedef struct _SEC_WINNT_AUTH_IDENTITY_W 592 { 593 /* TSPasswordCreds */ 594 UINT16* User; 595 UINT32 UserLength; 596 UINT16* Domain; 597 UINT32 DomainLength; 598 UINT16* Password; 599 UINT32 PasswordLength; 600 UINT32 Flags; 601 } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W; 602 603 typedef struct _SEC_WINNT_AUTH_IDENTITY_A 604 { 605 /* TSPasswordCreds */ 606 BYTE* User; 607 UINT32 UserLength; 608 BYTE* Domain; 609 UINT32 DomainLength; 610 BYTE* Password; 611 UINT32 PasswordLength; 612 UINT32 Flags; 613 } SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A; 614 615 struct _SEC_WINNT_AUTH_IDENTITY 616 { 617 /* TSPasswordCreds */ 618 UINT16* User; 619 UINT32 UserLength; 620 UINT16* Domain; 621 UINT32 DomainLength; 622 UINT16* Password; 623 UINT32 PasswordLength; 624 UINT32 Flags; 625 }; 626 typedef struct _SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY; 627 628 #endif /* _AUTH_IDENTITY_DEFINED */ 629 630 struct 
_SecHandle 631 { 632 ULONG_PTR dwLower; 633 ULONG_PTR dwUpper; 634 }; 635 typedef struct _SecHandle SecHandle; 636 typedef SecHandle* PSecHandle; 637 638 typedef SecHandle CredHandle; 639 typedef CredHandle* PCredHandle; 640 typedef SecHandle CtxtHandle; 641 typedef CtxtHandle* PCtxtHandle; 642 643 #define SecInvalidateHandle(x) \ 644 ((PSecHandle)(x))->dwLower = ((PSecHandle)(x))->dwUpper = ((ULONG_PTR)((INT_PTR)-1)); 645 646 #define SecIsValidHandle(x) \ 647 ((((PSecHandle)(x))->dwLower != ((ULONG_PTR)((INT_PTR)-1))) && \ 648 (((PSecHandle)(x))->dwUpper != ((ULONG_PTR)((INT_PTR)-1)))) 649 650 #endif 651 652 #define SECBUFFER_VERSION 0 653 654 /* Buffer Types */ 655 #define SECBUFFER_EMPTY 0 656 #define SECBUFFER_DATA 1 657 #define SECBUFFER_TOKEN 2 658 #define SECBUFFER_PKG_PARAMS 3 659 #define SECBUFFER_MISSING 4 660 #define SECBUFFER_EXTRA 5 661 #define SECBUFFER_STREAM_TRAILER 6 662 #define SECBUFFER_STREAM_HEADER 7 663 #define SECBUFFER_NEGOTIATION_INFO 8 664 #define SECBUFFER_PADDING 9 665 #define SECBUFFER_STREAM 10 666 #define SECBUFFER_MECHLIST 11 667 #define SECBUFFER_MECHLIST_SIGNATURE 12 668 #define SECBUFFER_TARGET 13 669 #define SECBUFFER_CHANNEL_BINDINGS 14 670 #define SECBUFFER_CHANGE_PASS_RESPONSE 15 671 #define SECBUFFER_TARGET_HOST 16 672 #define SECBUFFER_ALERT 17 673 674 /* Security Buffer Flags */ 675 #define SECBUFFER_ATTRMASK 0xF0000000 676 #define SECBUFFER_READONLY 0x80000000 677 #define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000 678 #define SECBUFFER_RESERVED 0x60000000 679 680 #if !defined(_WIN32) || defined(_UWP) 681 682 struct _SecBuffer 683 { 684 ULONG cbBuffer; 685 ULONG BufferType; 686 void* pvBuffer; 687 }; 688 typedef struct _SecBuffer SecBuffer; 689 typedef SecBuffer* PSecBuffer; 690 691 struct _SecBufferDesc 692 { 693 ULONG ulVersion; 694 ULONG cBuffers; 695 PSecBuffer pBuffers; 696 }; 697 typedef struct _SecBufferDesc SecBufferDesc; 698 typedef SecBufferDesc* PSecBufferDesc; 699 700 typedef void(SEC_ENTRY* 
SEC_GET_KEY_FN)(void* Arg, void* Principal, UINT32 KeyVer, void** Key, 701 SECURITY_STATUS* pStatus); 702 703 typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_A)(ULONG* pcPackages, 704 PSecPkgInfoA* ppPackageInfo); 705 typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_W)(ULONG* pcPackages, 706 PSecPkgInfoW* ppPackageInfo); 707 708 #ifdef UNICODE 709 #define EnumerateSecurityPackages EnumerateSecurityPackagesW 710 #define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W 711 #else 712 #define EnumerateSecurityPackages EnumerateSecurityPackagesA 713 #define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A 714 #endif 715 716 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential, 717 ULONG ulAttribute, 718 void* pBuffer); 719 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential, 720 ULONG ulAttribute, 721 void* pBuffer); 722 723 #ifdef UNICODE 724 #define QueryCredentialsAttributes QueryCredentialsAttributesW 725 #define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W 726 #else 727 #define QueryCredentialsAttributes QueryCredentialsAttributesA 728 #define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A 729 #endif 730 731 typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_A)( 732 LPSTR pszPrincipal, LPSTR pszPackage, ULONG fCredentialUse, void* pvLogonID, void* pAuthData, 733 SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential, 734 PTimeStamp ptsExpiry); 735 typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_W)( 736 LPWSTR pszPrincipal, LPWSTR pszPackage, ULONG fCredentialUse, void* pvLogonID, void* pAuthData, 737 SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential, 738 PTimeStamp ptsExpiry); 739 740 #ifdef UNICODE 741 #define AcquireCredentialsHandle AcquireCredentialsHandleW 742 #define ACQUIRE_CREDENTIALS_HANDLE_FN 
ACQUIRE_CREDENTIALS_HANDLE_FN_W 743 #else 744 #define AcquireCredentialsHandle AcquireCredentialsHandleA 745 #define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A 746 #endif 747 748 typedef SECURITY_STATUS(SEC_ENTRY* FREE_CREDENTIALS_HANDLE_FN)(PCredHandle phCredential); 749 750 typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_A)( 751 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq, 752 ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, 753 PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry); 754 typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_W)( 755 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq, 756 ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, 757 PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry); 758 759 #ifdef UNICODE 760 #define InitializeSecurityContext InitializeSecurityContextW 761 #define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W 762 #else 763 #define InitializeSecurityContext InitializeSecurityContextA 764 #define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A 765 #endif 766 767 typedef SECURITY_STATUS(SEC_ENTRY* ACCEPT_SECURITY_CONTEXT_FN)( 768 PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq, 769 ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, 770 PTimeStamp ptsTimeStamp); 771 772 typedef SECURITY_STATUS(SEC_ENTRY* COMPLETE_AUTH_TOKEN_FN)(PCtxtHandle phContext, 773 PSecBufferDesc pToken); 774 775 typedef SECURITY_STATUS(SEC_ENTRY* DELETE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext); 776 777 typedef SECURITY_STATUS(SEC_ENTRY* APPLY_CONTROL_TOKEN_FN)(PCtxtHandle phContext, 778 PSecBufferDesc pInput); 779 780 typedef SECURITY_STATUS(SEC_ENTRY* 
QUERY_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext, 781 ULONG ulAttribute, void* pBuffer); 782 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext, 783 ULONG ulAttribute, void* pBuffer); 784 785 #ifdef UNICODE 786 #define QueryContextAttributes QueryContextAttributesW 787 #define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W 788 #else 789 #define QueryContextAttributes QueryContextAttributesA 790 #define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A 791 #endif 792 793 typedef SECURITY_STATUS(SEC_ENTRY* IMPERSONATE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext); 794 795 typedef SECURITY_STATUS(SEC_ENTRY* REVERT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext); 796 797 typedef SECURITY_STATUS(SEC_ENTRY* MAKE_SIGNATURE_FN)(PCtxtHandle phContext, ULONG fQOP, 798 PSecBufferDesc pMessage, ULONG MessageSeqNo); 799 800 typedef SECURITY_STATUS(SEC_ENTRY* VERIFY_SIGNATURE_FN)(PCtxtHandle phContext, 801 PSecBufferDesc pMessage, ULONG MessageSeqNo, 802 PULONG pfQOP); 803 804 typedef SECURITY_STATUS(SEC_ENTRY* FREE_CONTEXT_BUFFER_FN)(void* pvContextBuffer); 805 806 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_A)(SEC_CHAR* pszPackageName, 807 PSecPkgInfoA* ppPackageInfo); 808 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR* pszPackageName, 809 PSecPkgInfoW* ppPackageInfo); 810 811 #ifdef UNICODE 812 #define QuerySecurityPackageInfo QuerySecurityPackageInfoW 813 #define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W 814 #else 815 #define QuerySecurityPackageInfo QuerySecurityPackageInfoA 816 #define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A 817 #endif 818 819 typedef SECURITY_STATUS(SEC_ENTRY* EXPORT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext, ULONG fFlags, 820 PSecBuffer pPackedContext, 821 HANDLE* pToken); 822 823 typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_A)(SEC_CHAR* pszPackage, 824 PSecBuffer pPackedContext, 825 
HANDLE pToken,
                                                                  PCtxtHandle phContext);
/* Wide-character twin of IMPORT_SECURITY_CONTEXT_FN_A: rebuilds a context from the
 * buffer produced by ExportSecurityContext(), optionally attaching pToken. */
typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* pszPackage,
                                                                  PSecBuffer pPackedContext,
                                                                  HANDLE pToken,
                                                                  PCtxtHandle phContext);

/* Select the A or W spelling of the generic name according to UNICODE. */
#ifdef UNICODE
#define ImportSecurityContext ImportSecurityContextW
#define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W
#else
#define ImportSecurityContext ImportSecurityContextA
#define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
#endif

/* AddCredentials entry points. pAuthData is package-specific authentication data
 * (void*; its layout is defined by the package, not by this header) and may carry
 * secrets. pGetKeyFn/pvGetKeyArgument are passed through to the package. */
typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_A)(
    PCredHandle hCredentials, SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, UINT32 fCredentialUse,
    void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_W)(
    PCredHandle hCredentials, SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, UINT32 fCredentialUse,
    void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);

#ifdef UNICODE
#define AddCredentials AddCredentialsW
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
#else
#define AddCredentials AddCredentialsA
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
#endif

/* Returns in *phToken a handle derived from the context. NOTE(review): the token
 * presumably represents the authenticated peer and must be closed by the caller —
 * confirm against the implementation. */
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_CONTEXT_TOKEN_FN)(PCtxtHandle phContext,
                                                                     HANDLE* phToken);

/* Message protection. fQOP selects quality-of-protection flags; MessageSeqNo is the
 * caller-maintained sequence number (no default is defined here). */
typedef SECURITY_STATUS(SEC_ENTRY* ENCRYPT_MESSAGE_FN)(PCtxtHandle phContext, ULONG fQOP,
                                                       PSecBufferDesc pMessage, ULONG MessageSeqNo);

/* Inverse of ENCRYPT_MESSAGE_FN; pfQOP receives the QOP the peer applied. */
typedef SECURITY_STATUS(SEC_ENTRY* DECRYPT_MESSAGE_FN)(PCtxtHandle phContext,
                                                       PSecBufferDesc pMessage, ULONG MessageSeqNo,
                                                       PULONG pfQOP);

/* Writes attribute ulAttribute from pBuffer (cbBuffer bytes). Unlike the
 * QueryContextAttributes() side, the buffer length is explicit here, so
 * implementations can bound-check it and should. */
typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext,
                                                                ULONG ulAttribute, void* pBuffer,
                                                                ULONG cbBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext,
                                                                ULONG ulAttribute, void* pBuffer,
                                                                ULONG cbBuffer);

#ifdef UNICODE
#define SetContextAttributes SetContextAttributesW
#define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W
#else
#define SetContextAttributes SetContextAttributesA
#define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
#endif

/* Values for SecurityFunctionTable{A,W}.dwVersion. Each version guarantees that the
 * table is populated up to (and including) the named routine. */
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION \
	1 /* Interface has all routines through DecryptMessage */
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 \
	2 /* Interface has all routines through SetContextAttributes */
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 \
	3 /* Interface has all routines through SetCredentialsAttributes */
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 \
	4 /* Interface has all routines through ChangeAccountPassword */

/*
 * Dispatch table returned by InitSecurityInterfaceA() (declared further down).
 * dwVersion comes first, followed by one function pointer per SSPI routine in
 * slot order; the void* Reserved* members are placeholders that hold unused
 * slots and are never callable. As declared here the table ends at
 * SetContextAttributesA, i.e. the layout described by
 * SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 above.
 *
 * Do not reorder, insert or remove members: code that fills or consumes the
 * table positionally depends on this exact layout. Consumers should read
 * dwVersion before dereferencing an entry, and should check an entry for NULL
 * before calling through it — an implementation may leave a routine unset.
 */
struct _SecurityFunctionTableA
{
	UINT32 dwVersion; /* one of SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION* */
	ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
	QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
	ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
	FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
	void* Reserved2; /* placeholder slot, not callable */
	INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
	ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
	COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
	DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
	APPLY_CONTROL_TOKEN_FN ApplyControlToken;
	QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
	IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
	REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
	MAKE_SIGNATURE_FN MakeSignature;
	VERIFY_SIGNATURE_FN VerifySignature;
	FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
	QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
	void* Reserved3; /* placeholder slot, not callable */
	void* Reserved4; /* placeholder slot, not callable */
	EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
	IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
	ADD_CREDENTIALS_FN_A AddCredentialsA;
	void* Reserved8; /* placeholder slot, not callable */
	QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
	ENCRYPT_MESSAGE_FN EncryptMessage;
	DECRYPT_MESSAGE_FN DecryptMessage;
	SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
};
typedef struct _SecurityFunctionTableA SecurityFunctionTableA;
typedef SecurityFunctionTableA* PSecurityFunctionTableA;

/*
 * Wide-character twin of _SecurityFunctionTableA: identical slot order and the
 * same layout/version rules (see the notes above); only the A/W-suffixed entries
 * differ. Returned by InitSecurityInterfaceW().
 */
struct _SecurityFunctionTableW
{
	UINT32 dwVersion; /* one of SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION* */
	ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
	QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
	ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
	FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
	void* Reserved2; /* placeholder slot, not callable */
	INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
	ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
	COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
	DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
	APPLY_CONTROL_TOKEN_FN ApplyControlToken;
	QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
	IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
	REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
	MAKE_SIGNATURE_FN MakeSignature;
	VERIFY_SIGNATURE_FN VerifySignature;
	FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
	QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
	void* Reserved3; /* placeholder slot, not callable */
	void* Reserved4; /* placeholder slot, not callable */
	EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
	IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
	ADD_CREDENTIALS_FN_W AddCredentialsW;
	void* Reserved8; /* placeholder slot, not callable */
	QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
	ENCRYPT_MESSAGE_FN EncryptMessage;
	DECRYPT_MESSAGE_FN DecryptMessage;
	SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
};
typedef struct _SecurityFunctionTableW SecurityFunctionTableW;
typedef SecurityFunctionTableW* PSecurityFunctionTableW;

/* Function-pointer types with the signature of InitSecurityInterfaceA/W (declared
 * below): no arguments, returns the dispatch table pointer. */
typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_A)(void);
typedef PSecurityFunctionTableW(SEC_ENTRY*
INIT_SECURITY_INTERFACE_W)(void);

/* Generic (UNICODE-dependent) names for the interface entry point and table types. */
#ifdef UNICODE
#define InitSecurityInterface InitSecurityInterfaceW
#define SecurityFunctionTable SecurityFunctionTableW
#define PSecurityFunctionTable PSecurityFunctionTableW
#define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W
#else
#define InitSecurityInterface InitSecurityInterfaceA
#define SecurityFunctionTable SecurityFunctionTableA
#define PSecurityFunctionTable PSecurityFunctionTableA
#define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
#endif

#ifdef __cplusplus
extern "C"
{
#endif

/* Package Management */

/* Reports the available security packages: *pcPackages receives the count and
 * *ppPackageInfo an array of that many SecPkgInfo entries. NOTE(review): the array
 * is allocated by the callee and is presumably released with FreeContextBuffer()
 * (declared below), as in the Windows SSPI contract — confirm against the
 * implementation. */
WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesA(ULONG* pcPackages,
                                                               PSecPkgInfoA* ppPackageInfo);
WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesW(ULONG* pcPackages,
                                                               PSecPkgInfoW* ppPackageInfo);

/* Returns the SSPI dispatch table (see SecurityFunctionTable{A,W}). Callers should
 * treat a NULL return as "interface unavailable" and read dwVersion before using
 * entries beyond those the version guarantees. */
WINPR_API PSecurityFunctionTableA SEC_ENTRY InitSecurityInterfaceA(void);
WINPR_API PSecurityFunctionTableW SEC_ENTRY InitSecurityInterfaceW(void);

/* Looks up a single package by name; *ppPackageInfo is callee-allocated like the
 * EnumerateSecurityPackages() result. */
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName,
                                                              PSecPkgInfoA* ppPackageInfo);
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName,
                                                              PSecPkgInfoW* ppPackageInfo);

/* Credential Management */

/* Creates a credential handle in *phCredential for package pszPackage; release it
 * with FreeCredentialsHandle(). pAuthData is opaque, package-specific authentication
 * data — presumably a SEC_WINNT_AUTH_IDENTITY filled by the sspi_SetAuthIdentity()
 * helpers later in this header (confirm). It may hold a password, so callers should
 * clear their copy once the handle has been acquired. ptsExpiry receives the
 * credential lifetime. */
WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleA(
    SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
    void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
    PTimeStamp ptsExpiry);
WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleW(
    SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
    void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
    PTimeStamp ptsExpiry);

/* Serializes a context into pPackedContext so ImportSecurityContext() can rebuild it.
 * NOTE(review): the packed form presumably contains the context's key material —
 * treat it as sensitive, keep it off untrusted channels and release it promptly;
 * confirm the buffer's ownership against the implementation. */
WINPR_API SECURITY_STATUS SEC_ENTRY ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags,
                                                          PSecBuffer pPackedContext,
                                                          HANDLE* pToken);
/* Releases a handle obtained from AcquireCredentialsHandle(). */
WINPR_API SECURITY_STATUS SEC_ENTRY FreeCredentialsHandle(PCredHandle phCredential);

/* Rebuilds a context from an ExportSecurityContext() buffer into *phContext. */
WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextA(SEC_CHAR* pszPackage,
                                                           PSecBuffer pPackedContext,
                                                           HANDLE pToken,
                                                           PCtxtHandle phContext);
WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextW(SEC_WCHAR* pszPackage,
                                                           PSecBuffer pPackedContext,
                                                           HANDLE pToken,
                                                           PCtxtHandle phContext);

/* Reads attribute ulAttribute of a credential into pBuffer. No size is passed, so
 * pBuffer must point at storage of the exact type the attribute expects; the callee
 * cannot bound-check it. */
WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesA(PCredHandle phCredential,
                                                                ULONG ulAttribute,
                                                                void* pBuffer);
WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesW(PCredHandle phCredential,
                                                                ULONG ulAttribute,
                                                                void* pBuffer);

/* Context Management */

/* Acceptor (server) side of the handshake, as in Windows SSPI; the initiator side is
 * InitializeSecurityContextA/W. pInput carries the peer's token and is untrusted
 * input; pOutput receives the reply token and pfContextAttr the attributes actually
 * negotiated, which callers should compare against what they required. */
WINPR_API SECURITY_STATUS SEC_ENTRY
AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
                      ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
                      PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp);

WINPR_API SECURITY_STATUS SEC_ENTRY ApplyControlToken(PCtxtHandle phContext,
                                                      PSecBufferDesc pInput);
WINPR_API SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext,
                                                      PSecBufferDesc pToken);
/* Destroys a context; pair with every successful Initialize/AcceptSecurityContext(). */
WINPR_API SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext);
/* Releases a buffer the provider allocated (package info, context attributes, ...). */
WINPR_API SECURITY_STATUS SEC_ENTRY FreeContextBuffer(void* pvContextBuffer);
/* Pair with RevertSecurityContext() (declared below); keep the impersonated window
 * as short as possible and revert on every error path. */
WINPR_API SECURITY_STATUS SEC_ENTRY ImpersonateSecurityContext(PCtxtHandle phContext);

/* Initiator (client) side of the handshake. pszTargetName names the peer being
 * authenticated to; pInput (the peer's previous token) is untrusted input; pfContextAttr
 * receives the attributes actually negotiated. Reserved1/Reserved2 have no defined
 * meaning in this header. */
WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextA(
    PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
    ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
    PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr,
    PTimeStamp ptsExpiry);
WINPR_API SECURITY_STATUS
SEC_ENTRY InitializeSecurityContextW(
    PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName,
    ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput,
    ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr,
    PTimeStamp ptsExpiry);

/* Reads attribute ulAttribute of a context into pBuffer. No size is passed, so pBuffer
 * must point at storage of the exact type the attribute expects (for the
 * SECPKG_ATTR_AUTH_* ids below, the matching SecPkgContext_* struct); the callee
 * cannot bound-check it. */
WINPR_API SECURITY_STATUS SEC_ENTRY QueryContextAttributes(PCtxtHandle phContext,
                                                           ULONG ulAttribute, void* pBuffer);
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityContextToken(PCtxtHandle phContext,
                                                              HANDLE* phToken);
/* Writes attribute ulAttribute from pBuffer; cbBuffer is the buffer length in bytes. */
WINPR_API SECURITY_STATUS SEC_ENTRY SetContextAttributes(PCtxtHandle phContext,
                                                         ULONG ulAttribute, void* pBuffer,
                                                         ULONG cbBuffer);
/* Undoes ImpersonateSecurityContext(). */
WINPR_API SECURITY_STATUS SEC_ENTRY RevertSecurityContext(PCtxtHandle phContext);

/* Message Support */

/* Integrity/confidentiality on established contexts. MessageSeqNo is maintained by the
 * caller. A failing DecryptMessage()/VerifySignature() is an integrity failure: the
 * contents of pMessage must not be used afterwards. */
WINPR_API SECURITY_STATUS SEC_ENTRY DecryptMessage(PCtxtHandle phContext,
                                                   PSecBufferDesc pMessage, ULONG MessageSeqNo,
                                                   PULONG pfQOP);
WINPR_API SECURITY_STATUS SEC_ENTRY EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
                                                   PSecBufferDesc pMessage, ULONG MessageSeqNo);
WINPR_API SECURITY_STATUS SEC_ENTRY MakeSignature(PCtxtHandle phContext, ULONG fQOP,
                                                  PSecBufferDesc pMessage, ULONG MessageSeqNo);
WINPR_API SECURITY_STATUS SEC_ENTRY VerifySignature(PCtxtHandle phContext,
                                                    PSecBufferDesc pMessage, ULONG MessageSeqNo,
                                                    PULONG pfQOP);

#ifdef __cplusplus
}
#endif

#endif /* !defined(_WIN32) || defined(_UWP) */

#ifdef __cplusplus
extern "C"
{
#endif

/* Custom API */

/* WinPR-specific extensions. They sit outside the !_WIN32/_UWP block above and are
 * therefore declared on every platform. */

/* Attribute ids for the SecPkgContext_* structs below, presumably used with
 * QueryContextAttributes()/SetContextAttributes(). They expose authentication
 * internals — identity, plaintext password, NT hash, NTLM protocol fields — so
 * restrict their use to the code that genuinely needs them and wipe the result
 * buffers when done. The 1001-1004 and 1100-1109 ranges are WinPR's own; they are
 * not standard SECPKG_ATTR_* values. */
#define SECPKG_ATTR_AUTH_IDENTITY 1001
#define SECPKG_ATTR_AUTH_PASSWORD 1002
#define SECPKG_ATTR_AUTH_NTLM_HASH 1003
#define SECPKG_ATTR_AUTH_NTLM_SAM_FILE 1004
#define SECPKG_ATTR_AUTH_NTLM_MESSAGE 1100
#define SECPKG_ATTR_AUTH_NTLM_TIMESTAMP 1101
#define SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE 1102
#define SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE 1103
#define SECPKG_ATTR_AUTH_NTLM_NTPROOF_VALUE 1104
#define SECPKG_ATTR_AUTH_NTLM_RANDKEY 1105
#define SECPKG_ATTR_AUTH_NTLM_MIC 1106
#define SECPKG_ATTR_AUTH_NTLM_MIC_VALUE 1107
#define SECPKG_ATTR_AUTH_NTLM_HASH_CB 1108
#define SECPKG_ATTR_AUTH_NTLM_HASH_CB_DATA 1109

/* SECPKG_ATTR_AUTH_IDENTITY. Fixed 256-char fields plus one slot that is presumably
 * the NUL terminator; writers must bound-copy and terminate, readers must not assume
 * termination without checking. */
struct _SecPkgContext_AuthIdentity
{
	char User[256 + 1];
	char Domain[256 + 1];
};
typedef struct _SecPkgContext_AuthIdentity SecPkgContext_AuthIdentity;

/* SECPKG_ATTR_AUTH_PASSWORD. Holds a plaintext password in a fixed buffer; same
 * bounding rule as above. Wipe it with a non-optimizable clear (not a plain memset
 * the compiler may drop) before the storage goes out of scope or is freed. */
struct _SecPkgContext_AuthPassword
{
	char Password[256 + 1];
};
typedef struct _SecPkgContext_AuthPassword SecPkgContext_AuthPassword;

/* SECPKG_ATTR_AUTH_NTLM_HASH. NtlmHash is a 16-byte NT hash, which is a
 * password-equivalent secret: handle and wipe it exactly like the password.
 * NOTE(review): the meaning of Version is not defined in this header — confirm. */
struct _SecPkgContext_AuthNtlmHash
{
	int Version;
	BYTE NtlmHash[16];
};
typedef struct _SecPkgContext_AuthNtlmHash SecPkgContext_AuthNtlmHash;

/* SECPKG_ATTR_AUTH_NTLM_TIMESTAMP. Raw 8-byte timestamp; ChallengeOrResponse
 * presumably selects whether it belongs to the challenge or the response message —
 * confirm against the implementation. */
struct _SecPkgContext_AuthNtlmTimestamp
{
	BYTE Timestamp[8];
	BOOL ChallengeOrResponse;
};
typedef struct _SecPkgContext_AuthNtlmTimestamp SecPkgContext_AuthNtlmTimestamp;

/* SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE / _SERVER_CHALLENGE. 8-byte nonces. When a
 * caller injects one through SetContextAttributes() it takes over the provider's
 * responsibility that the value is unpredictable and never reused. */
struct _SecPkgContext_AuthNtlmClientChallenge
{
	BYTE ClientChallenge[8];
};
typedef struct _SecPkgContext_AuthNtlmClientChallenge SecPkgContext_AuthNtlmClientChallenge;

struct _SecPkgContext_AuthNtlmServerChallenge
{
	BYTE ServerChallenge[8];
};
typedef struct _SecPkgContext_AuthNtlmServerChallenge SecPkgContext_AuthNtlmServerChallenge;

/* SECPKG_ATTR_AUTH_NTLM_MESSAGE. buffer points at `length` bytes of a raw NTLM message
 * of kind `type`. NOTE(review): ownership of buffer (who allocates and frees it) is not
 * defined here — confirm before freeing or retaining it. */
struct _SecPkgContext_AuthNtlmMessage
{
	UINT32 type;
	UINT32 length;
	BYTE* buffer;
};
typedef struct _SecPkgContext_AuthNtlmMessage SecPkgContext_AuthNtlmMessage;

/* Flags for InitSecurityInterfaceEx*(): select WinPR's own SSPI implementation or the
 * platform-native one. */
#define SSPI_INTERFACE_WINPR 0x00000001
#define SSPI_INTERFACE_NATIVE 0x00000002

/* Function-pointer types with the signature of InitSecurityInterfaceExA/W. */
typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_A)(DWORD flags);
typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_W)(DWORD flags);

/* Process-wide SSPI setup/teardown for WinPR's implementation. */
WINPR_API void sspi_GlobalInit(void);
WINPR_API void sspi_GlobalFinish(void);

/* Allocates `size` bytes for SecBuffer. NOTE(review): presumably returns the new
 * buffer pointer and NULL on failure — callers must check the result; confirm against
 * the implementation. Release with sspi_SecBufferFree(). */
WINPR_API void* sspi_SecBufferAlloc(PSecBuffer SecBuffer, ULONG size);
WINPR_API void sspi_SecBufferFree(PSecBuffer SecBuffer);

/* Populates a SEC_WINNT_AUTH_IDENTITY from user/domain/password. NOTE(review): the
 * int result's success/failure convention is not visible in this header — check it
 * against the implementation and never ignore it. `password` is plaintext; the
 * caller's own copy stays in memory and should be cleared once the identity is set. */
WINPR_API int sspi_SetAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, const char* user,
                                   const char* domain, const char* password);
/* As sspi_SetAuthIdentity() but takes an already wide-character password.
 * NOTE(review): whether passwordLength counts WCHARs or bytes is not defined here —
 * confirm before passing a value derived from a byte size. */
WINPR_API int sspi_SetAuthIdentityWithUnicodePassword(SEC_WINNT_AUTH_IDENTITY* identity,
                                                      const char* user, const char* domain,
                                                      LPWSTR password, ULONG passwordLength);
/* Copies srcIdentity into identity. NOTE(review): presumably a deep copy that allocates
 * new string buffers; the matching release routine is not declared here — confirm. */
WINPR_API int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity,
                                    SEC_WINNT_AUTH_IDENTITY* srcIdentity);

/* Human-readable name for a SECURITY_STATUS, for logging. NOTE(review): presumably a
 * static string the caller must not free — confirm. */
WINPR_API const char* GetSecurityStatusString(SECURITY_STATUS status);

/* Like InitSecurityInterfaceA/W but `flags` (SSPI_INTERFACE_WINPR /
 * SSPI_INTERFACE_NATIVE, defined above) selects the backing implementation.
 * Callers should treat a NULL return as "interface unavailable" and read
 * dwVersion before using entries beyond those the version guarantees. */
WINPR_API SecurityFunctionTableW* SEC_ENTRY InitSecurityInterfaceExW(DWORD flags);
WINPR_API SecurityFunctionTableA* SEC_ENTRY InitSecurityInterfaceExA(DWORD flags);

#ifdef UNICODE
#define InitSecurityInterfaceEx InitSecurityInterfaceExW
#define INIT_SECURITY_INTERFACE_EX INIT_SECURITY_INTERFACE_EX_W
#else
#define InitSecurityInterfaceEx InitSecurityInterfaceExA
#define INIT_SECURITY_INTERFACE_EX INIT_SECURITY_INTERFACE_EX_A
#endif

#ifdef __cplusplus
}
#endif

#endif /* WINPR_SSPI_H */