1 /* Copyright (c) 2010 Daniel Doubrovkine, All Rights Reserved 2 * 3 * The contents of this file is dual-licensed under 2 4 * alternative Open Source/Free licenses: LGPL 2.1 or later and 5 * Apache License 2.0. (starting with JNA version 4.0.0). 6 * 7 * You can freely decide which license you want to apply to 8 * the project. 9 * 10 * You may obtain a copy of the LGPL License at: 11 * 12 * http://www.gnu.org/licenses/licenses.html 13 * 14 * A copy is also included in the downloadable source code package 15 * containing JNA, in file "LGPL2.1". 16 * 17 * You may obtain a copy of the Apache License at: 18 * 19 * http://www.apache.org/licenses/ 20 * 21 * A copy is also included in the downloadable source code package 22 * containing JNA, in file "AL2.0". 23 */ 24 package com.sun.jna.platform.win32; 25 26 import com.sun.jna.Memory; 27 import com.sun.jna.Pointer; 28 import com.sun.jna.Structure; 29 import com.sun.jna.Structure.FieldOrder; 30 import com.sun.jna.win32.W32APITypeMapper; 31 32 /** 33 * Ported from Sspi.h. 34 * Microsoft Windows SDK 6.0A. 35 * @author dblock[at]dblock.org 36 */ 37 public interface Sspi { 38 39 /** 40 * Maximum size in bytes of a security token. 41 */ 42 int MAX_TOKEN_SIZE = 12288; 43 44 // Flags for the fCredentialUse parameter of AcquireCredentialsHandle 45 46 /** 47 * Validate an incoming server credential. Inbound credentials might be validated 48 * by using an authenticating authority when InitializeSecurityContext or 49 * AcceptSecurityContext is called. If such an authority is not available, the function will 50 * fail and return SEC_E_NO_AUTHENTICATING_AUTHORITY. Validation is package specific. 51 */ 52 int SECPKG_CRED_INBOUND = 1; 53 54 /** 55 * Allow a local client credential to prepare an outgoing token. 56 */ 57 int SECPKG_CRED_OUTBOUND = 2; 58 59 60 // Flags for the TargetDataRep parameter of AcceptSecurityContext and InitializeSecurityContext 61 62 /** 63 * Specifies Native data representation. 64 */ 65 int SECURITY_NATIVE_DREP = 0x10; 66 67 /** 68 * Specifies network data representation. 69 */ 70 int SECURITY_NETWORK_DREP = 0x00; 71 72 // Flags for the fContextReq parameter of InitializeSecurityContext or AcceptSecurityContext. 73 74 /** 75 * The security package allocates output buffers for you. 76 * When you have finished using the output buffers, free them by calling the FreeContextBuffer function. 77 */ 78 int ISC_REQ_ALLOCATE_MEMORY = 0x00000100; 79 80 /** 81 * Encrypt messages by using the EncryptMessage function. 82 */ 83 int ISC_REQ_CONFIDENTIALITY = 0x00000010; 84 85 /** 86 * The security context will not handle formatting messages. This value is the default. 87 */ 88 int ISC_REQ_CONNECTION = 0x00000800; 89 90 /** 91 * The server can use the context to authenticate to other servers as the client. 92 * The ISC_REQ_MUTUAL_AUTH flag must be set for this flag to work. Valid for Kerberos. 93 * Ignore this flag for constrained delegation. 94 */ 95 int ISC_REQ_DELEGATE = 0x00000001; 96 97 /** 98 * When errors occur, the remote party will be notified. 99 */ 100 int ISC_REQ_EXTENDED_ERROR = 0x00004000; 101 102 /** 103 * Sign messages and verify signatures by using the EncryptMessage and MakeSignature functions. 104 */ 105 int ISC_REQ_INTEGRITY = 0x00010000; 106 107 /** 108 * The mutual authentication policy of the service will be satisfied. 109 */ 110 int ISC_REQ_MUTUAL_AUTH = 0x00000002; 111 112 /** 113 * Detect replayed messages that have been encoded by using the 114 * EncryptMessage or MakeSignature functions. 115 */ 116 int ISC_REQ_REPLAY_DETECT = 0x00000004; 117 118 /** 119 * Detect messages received out of sequence. 120 */ 121 int ISC_REQ_SEQUENCE_DETECT = 0x00000008; 122 123 /** 124 * Support a stream-oriented connection. 125 */ 126 int ISC_REQ_STREAM = 0x00008000; 127 128 /** 129 * Version of the SecBuffer struct. 130 */ 131 int SECBUFFER_VERSION = 0; 132 133 /** 134 * This is a placeholder in the buffer array. 135 */ 136 int SECBUFFER_EMPTY = 0; 137 /** 138 * This buffer type is used for common data. The security package can read 139 * and write this data. 140 */ 141 int SECBUFFER_DATA = 1; 142 /** 143 * This buffer type is used to indicate the security token portion of the message. 144 * This is read-only for input parameters or read/write for output parameters. 145 */ 146 int SECBUFFER_TOKEN = 2; 147 148 /** 149 * The pBuffer parameter contains a pointer to a {@link SecPkgContext_Sizes} 150 * structure. 151 * 152 * <p>Queries the sizes of the structures used in the per-message functions.</p> 153 */ 154 int SECPKG_ATTR_SIZES = 0; 155 /** 156 * The pBuffer parameter contains a pointer to a {@link SecPkgCredentials_Names} 157 * structure. 158 * 159 * <p>Queries the name associated with the context.</p> 160 */ 161 int SECPKG_ATTR_NAMES = 1; 162 /** 163 * The pBuffer parameter contains a pointer to a SecPkgContext_Lifespan 164 * structure. 165 * 166 * <p>Queries the life span of the context.</p> 167 */ 168 int SECPKG_ATTR_LIFESPAN = 2; 169 /** 170 * The pBuffer parameter contains a pointer to a SecPkgContext_DceInfo 171 * structure. 172 * 173 * <p>Queries for authorization data used by DCE services.</p> 174 */ 175 int SECPKG_ATTR_DCE_INFO = 3; 176 /** 177 * The pBuffer parameter contains a pointer to a SecPkgContext_StreamSizes 178 * structure. 179 * 180 * <p>Queries the sizes of the various parts of a stream used in the 181 * per-message functions.</p> 182 * <p>This attribute is supported only by the Schannel security package.</p> 183 */ 184 int SECPKG_ATTR_STREAM_SIZES = 4; 185 /** 186 * The pBuffer parameter contains a pointer to a SecPkgContext_KeyInfo 187 * structure. 188 * 189 * <p>Queries information about the keys used in a security context.</p> 190 */ 191 int SECPKG_ATTR_KEY_INFO = 5; 192 /** 193 * The pBuffer parameter contains a pointer to a SecPkgContext_Authority 194 * structure. 195 * 196 * <p>Queries the name of the authenticating authority.</p> 197 */ 198 int SECPKG_ATTR_AUTHORITY = 6; 199 int SECPKG_ATTR_PROTO_INFO = 7; 200 /** 201 * The pBuffer parameter contains a pointer to a 202 * SecPkgContext_PasswordExpiry structure. 203 * 204 * <p>Returns password expiration information.</p> 205 */ 206 int SECPKG_ATTR_PASSWORD_EXPIRY = 8; 207 /** 208 * The pBuffer parameter contains a pointer to a 209 * {@link SecPkgContext_SessionKey} structure. 210 * 211 * Returns information about the session keys. 212 */ 213 int SECPKG_ATTR_SESSION_KEY = 9; 214 /** 215 * The pBuffer parameter contains a pointer to a 216 * {@link SecPkgContext_PackageInfo} structure. 217 * 218 * Returns information on the SSP in use. 219 */ 220 int SECPKG_ATTR_PACKAGE_INFO = 10; 221 int SECPKG_ATTR_USER_FLAGS = 11; 222 /** 223 * The pBuffer parameter contains a pointer to a 224 * {@link SecPkgContext_NegotiationInfo} structure. 225 * 226 * <p>Returns information about the security package to be used with the 227 * negotiation process and the current state of the negotiation for the use 228 * of that package.</p> 229 */ 230 int SECPKG_ATTR_NEGOTIATION_INFO = 12; 231 /** 232 * The pBuffer parameter contains a pointer to a SecPkgContext_NativeNames 233 * structure. 234 * 235 * <p>Returns the principal name (CNAME) from the outbound ticket.</p> 236 */ 237 int SECPKG_ATTR_NATIVE_NAMES = 13; 238 /** 239 * The pBuffer parameter contains a pointer to a {@link SecPkgContext_Flags} 240 * structure. 241 * 242 * <p>Returns information about the negotiated context flags.</p> 243 */ 244 int SECPKG_ATTR_FLAGS = 14; 245 // These attributes exist only in Win XP and greater 246 int SECPKG_ATTR_USE_VALIDATED = 15; 247 int SECPKG_ATTR_CREDENTIAL_NAME = 16; 248 /** 249 * The pBuffer parameter contains a pointer to a 250 * SecPkgContext_TargetInformation structure. 251 * 252 * <p>Returns information about the name of the remote server.</p> 253 */ 254 int SECPKG_ATTR_TARGET_INFORMATION = 17; 255 /** 256 * The pBuffer parameter contains a pointer to a SecPkgContext_AccessToken 257 * structure. 258 * 259 * <p>Returns a handle to the access token.</p> 260 */ 261 int SECPKG_ATTR_ACCESS_TOKEN = 18; 262 // These attributes exist only in Win2K3 and greater 263 int SECPKG_ATTR_TARGET = 19; 264 int SECPKG_ATTR_AUTHENTICATION_ID = 20; 265 // These attributes exist only in Win2K3SP1 and greater 266 int SECPKG_ATTR_LOGOFF_TIME = 21; 267 // 268 // win7 or greater 269 // 270 int SECPKG_ATTR_NEGO_KEYS = 22; 271 int SECPKG_ATTR_PROMPTING_NEEDED = 24; 272 /** 273 * The pBuffer parameter contains a pointer to a SecPkgContext_Bindings 274 * structure that specifies channel binding information. 275 * 276 * <p>This value is supported only by the Schannel security package.</p> 277 * 278 * <p><strong>Windows Server 2008, Windows Vista, Windows Server 2003 and 279 * Windows XP:</strong> 280 * This value is not supported.</p> 281 */ 282 int SECPKG_ATTR_UNIQUE_BINDINGS = 25; 283 /** 284 * The pBuffer parameter contains a pointer to a SecPkgContext_Bindings 285 * structure that specifies channel binding information. 286 * 287 * <p>This attribute is supported only by the Schannel security package.</p> 288 * 289 * <p><strong>Windows Server 2008, Windows Vista, Windows Server 2003 and 290 * Windows XP:</strong> 291 * This value is not supported.</p> 292 */ 293 int SECPKG_ATTR_ENDPOINT_BINDINGS = 26; 294 /** 295 * The pBuffer parameter contains a pointer to a 296 * SecPkgContext_ClientSpecifiedTarget structure that represents the service 297 * principal name (SPN) of the initial target supplied by the client. 298 * 299 * <p><strong>Windows Server 2008, Windows Vista, Windows Server 2003 and 300 * Windows XP:</strong> 301 * This value is not supported.</p> 302 */ 303 int SECPKG_ATTR_CLIENT_SPECIFIED_TARGET = 27; 304 305 /** 306 * The pBuffer parameter contains a pointer to a 307 * SecPkgContext_LastClientTokenStatus structure that specifies whether the 308 * token from the most recent call to the InitializeSecurityContext function 309 * is the last token from the client. 310 * 311 * <p>This value is supported only by the Negotiate, Kerberos, and NTLM 312 * security packages.</p> 313 * 314 * <p><strong>Windows Server 2008, Windows Vista, Windows Server 2003 and 315 * Windows XP:</strong> 316 * This value is not supported.</p> 317 */ 318 int SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS = 30; 319 int SECPKG_ATTR_NEGO_PKG_INFO = 31; // contains nego info of packages 320 int SECPKG_ATTR_NEGO_STATUS = 32; // contains the last error 321 int SECPKG_ATTR_CONTEXT_DELETED = 33; // a context has been deleted 322 323 /** 324 * The pBuffer parameter contains a pointer to a 325 * SecPkgContext_SubjectAttributes structure. 326 * 327 * <p>This value returns information about the security attributes for the 328 * connection.</p> 329 * 330 * <p>This value is supported only on the CredSSP server.</p> 331 * 332 * <p><strong>Windows Server 2008, Windows Vista, Windows Server 2003 and 333 * Windows XP:</strong> 334 * This value is not supported.</p> 335 */ 336 int SECPKG_ATTR_SUBJECT_SECURITY_ATTRIBUTES = 128; 337 338 /** 339 * Negotiation has been completed. 340 */ 341 int SECPKG_NEGOTIATION_COMPLETE = 0; 342 /** 343 * Negotiations not yet completed. 344 */ 345 int SECPKG_NEGOTIATION_OPTIMISTIC = 1; 346 /** 347 * Negotiations in progress. 348 */ 349 int SECPKG_NEGOTIATION_IN_PROGRESS = 2; 350 int SECPKG_NEGOTIATION_DIRECT = 3; 351 int SECPKG_NEGOTIATION_TRY_MULTICRED = 4; 352 353 354 // flags for SecPkgInfo fCapabilities 355 // (https://msdn.microsoft.com/en-us/library/windows/desktop/aa380104(v=vs.85).aspx) 356 /** 357 * Supports integrity on messages 358 */ 359 int SECPKG_FLAG_INTEGRITY = 0x00000001; 360 /** 361 * Supports privacy (confidentiality) 362 */ 363 int SECPKG_FLAG_PRIVACY = 0x00000002; 364 /** 365 * Only security token needed 366 */ 367 int SECPKG_FLAG_TOKEN_ONLY = 0x00000004; 368 /** 369 * Datagram RPC support 370 */ 371 int SECPKG_FLAG_DATAGRAM = 0x00000008; 372 /** 373 * Connection oriented RPC support 374 */ 375 int SECPKG_FLAG_CONNECTION = 0x00000010; 376 /** 377 * Full 3-leg required for re-auth. 378 */ 379 int SECPKG_FLAG_MULTI_REQUIRED = 0x00000020; 380 /** 381 * Server side functionality not available 382 */ 383 int SECPKG_FLAG_CLIENT_ONLY = 0x00000040; 384 /** 385 * Supports extended error msgs 386 */ 387 int SECPKG_FLAG_EXTENDED_ERROR = 0x00000080; 388 /** 389 * Supports impersonation 390 */ 391 int SECPKG_FLAG_IMPERSONATION = 0x00000100; 392 /** 393 * Accepts Win32 names 394 */ 395 int SECPKG_FLAG_ACCEPT_WIN32_NAME = 0x00000200; 396 /** 397 * Supports stream semantics 398 */ 399 int SECPKG_FLAG_STREAM = 0x00000400; 400 /** 401 * Can be used by the negotiate package 402 */ 403 int SECPKG_FLAG_NEGOTIABLE = 0x00000800; 404 /** 405 * GSS Compatibility Available 406 */ 407 int SECPKG_FLAG_GSS_COMPATIBLE = 0x00001000; 408 /** 409 * Supports common LsaLogonUser 410 */ 411 int SECPKG_FLAG_LOGON = 0x00002000; 412 /** 413 * Token Buffers are in ASCII 414 */ 415 int SECPKG_FLAG_ASCII_BUFFERS = 0x00004000; 416 /** 417 * Package can fragment to fit 418 */ 419 int SECPKG_FLAG_FRAGMENT = 0x00008000; 420 /** 421 * Package can perform mutual authentication 422 */ 423 int SECPKG_FLAG_MUTUAL_AUTH = 0x00010000; 424 /** 425 * Package can delegate 426 */ 427 int SECPKG_FLAG_DELEGATION = 0x00020000; 428 /** 429 * Supports callers with restricted tokens. 430 */ 431 int SECPKG_FLAG_RESTRICTED_TOKENS = 0x80000; 432 /** 433 * The security package extends the Microsoft Negotiate security package. 434 */ 435 int SECPKG_FLAG_NEGO_EXTENDER = 0x00100000; 436 /** 437 * This package is negotiated by the package of type SECPKG_FLAG_NEGO_EXTENDER. 438 */ 439 int SECPKG_FLAG_NEGOTIABLE2 = 0x00200000; 440 /** 441 * This package receives all calls from app container apps. 442 */ 443 int SECPKG_FLAG_APPCONTAINER_PASSTHROUGH = 0x00400000; 444 /** 445 * This package receives calls from app container apps if one of the following checks succeeds. 446 * <ul> 447 * <li>Caller has default credentials capability.</li> 448 * <li>The target is a proxy server.</li> 449 * <li>The caller has supplied credentials.</li> 450 * </ul> 451 */ 452 int SECPKG_FLAG_APPCONTAINER_CHECKS = 0x00800000; 453 454 /** 455 * Returns the name of a credential in a pbuffer of type {@link SecPkgCredentials_Names}. 456 */ 457 int SECPKG_CRED_ATTR_NAMES = 1; 458 459 /** 460 * Produce a header or trailer but do not encrypt the message. 461 */ 462 int SECQOP_WRAP_NO_ENCRYPT = 0x80000001; 463 /** 464 * Send an Schannel alert message. In this case, the pMessage parameter must 465 * contain a standard two-byte SSL/TLS event code. This value is supported 466 * only by the Schannel SSP. 467 */ 468 int SECQOP_WRAP_OOB_DATA = 0x40000000; 469 470 /** 471 * Security handle. 472 */ 473 @FieldOrder({"dwLower", "dwUpper"}) 474 public static class SecHandle extends Structure { 475 476 public static class ByReference extends SecHandle implements Structure.ByReference { 477 } 478 479 public Pointer dwLower; 480 public Pointer dwUpper; 481 482 /** 483 * An empty SecHandle. 484 */ SecHandle()485 public SecHandle() { 486 super(); 487 } 488 489 /** 490 * Returns true if the handle is NULL. 491 * @return 492 * True if NULL, False otherwise. 493 */ isNull()494 public boolean isNull() { 495 return dwLower == null && dwUpper == null; 496 } 497 } 498 499 /** 500 * A pointer to a SecHandle 501 */ 502 @FieldOrder({"secHandle"}) 503 public static class PSecHandle extends Structure { 504 505 public static class ByReference extends PSecHandle implements Structure.ByReference { 506 } 507 508 /** 509 * The first entry in an array of SecPkgInfo structures. 510 */ 511 public SecHandle.ByReference secHandle; 512 PSecHandle()513 public PSecHandle() { 514 super(); 515 } 516 PSecHandle(SecHandle h)517 public PSecHandle(SecHandle h) { 518 super(h.getPointer()); 519 read(); 520 } 521 } 522 523 /** 524 * Credentials handle. 525 */ 526 public static class CredHandle extends SecHandle { 527 } 528 529 /** 530 * Security context handle. 531 */ 532 public static class CtxtHandle extends SecHandle { 533 } 534 535 /** 536 * The SecBuffer structure describes a buffer allocated by a transport application 537 * to pass to a security package. 538 */ 539 @FieldOrder({"cbBuffer", "BufferType", "pvBuffer"}) 540 public static class SecBuffer extends Structure { 541 542 /** 543 * A ByReference SecBuffer. 544 */ 545 public static class ByReference extends SecBuffer implements Structure.ByReference { 546 /** 547 * Create a SECBUFFER_EMPTY SecBuffer. 548 */ ByReference()549 public ByReference() { 550 } 551 552 /** 553 * Create a SecBuffer of a given type and size. 554 * @param type 555 * Buffer type, one of SECBUFFER_EMTPY, etc. 556 * @param size 557 * Buffer size, eg. MAX_TOKEN_SIZE. 558 */ ByReference(int type, int size)559 public ByReference(int type, int size) { 560 super(type, size); 561 } 562 ByReference(int type, byte[] token)563 public ByReference(int type, byte[] token) { 564 super(type, token); 565 } 566 } 567 568 /** 569 * Specifies the size, in bytes, of the buffer pointed to by the pvBuffer member. 570 */ 571 public int cbBuffer; 572 /** 573 * Bit flags that indicate the type of buffer. Must be one of the values of 574 * the SecBufferType enumeration. 575 */ 576 public int BufferType = SECBUFFER_EMPTY; 577 /** 578 * A pointer to a buffer. 579 */ 580 public Pointer pvBuffer; 581 582 /** 583 * Create a new SECBUFFER_EMPTY buffer. 584 */ SecBuffer()585 public SecBuffer() { 586 super(); 587 } 588 589 /** 590 * Create a SecBuffer of a given type and size. 591 * @param type 592 * Buffer type, one of SECBUFFER_EMTPY, etc. 593 * @param size 594 * Buffer size, eg. MAX_TOKEN_SIZE. 595 */ SecBuffer(int type, int size)596 public SecBuffer(int type, int size) { 597 cbBuffer = size; 598 pvBuffer = new Memory(size); 599 BufferType = type; 600 } 601 602 /** 603 * Create a SecBuffer of a given type with initial data. 604 * @param type 605 * Buffer type, one of SECBUFFER_EMTPY, etc. 606 * @param token 607 * Existing token. 608 */ SecBuffer(int type, byte[] token)609 public SecBuffer(int type, byte[] token) { 610 cbBuffer = token.length; 611 pvBuffer = new Memory(token.length); 612 pvBuffer.write(0, token, 0, token.length); 613 BufferType = type; 614 } 615 616 /** 617 * Get buffer bytes. 618 * @return 619 * Raw buffer bytes. 620 */ getBytes()621 public byte[] getBytes() { 622 return pvBuffer == null ? null : pvBuffer.getByteArray(0, cbBuffer); 623 } 624 625 } 626 627 /** 628 * The SecBufferDesc structure describes an array of SecBuffer structures to 629 * pass from a transport application to a security package. 630 * 631 * <p>SecBufferDesc was introduced because {@link SecBufferDesc} does not 632 * correctly cover the case there not exactly one {@link SecBuffer} is 633 * passed to the security package.</p> 634 * 635 * <p>If the SecBufferDesc is managed from the java side, <b>prefer to use 636 * {@link com.sun.jna.platform.win32.SspiUtil.ManagedSecBufferDesc ManagedSecBufferDesc}.</b></p> 637 */ 638 @FieldOrder({"ulVersion", "cBuffers", "pBuffers"}) 639 public static class SecBufferDesc extends Structure { 640 /** 641 * Version number. 642 */ 643 public int ulVersion = SECBUFFER_VERSION; 644 /** 645 * Number of buffers. 646 */ 647 public int cBuffers = 1; 648 /** 649 * Pointer to array of buffers. 650 */ 651 public Pointer pBuffers; 652 653 /** 654 * Create a new SecBufferDesc with one SECBUFFER_EMPTY buffer. 655 */ SecBufferDesc()656 public SecBufferDesc() { 657 super(); 658 } 659 } 660 661 /** 662 * A security integer. 663 */ 664 @FieldOrder({"dwLower", "dwUpper"}) 665 public static class SECURITY_INTEGER extends Structure { 666 public int dwLower; 667 public int dwUpper; 668 } 669 670 /** 671 * A timestamp. 672 */ 673 public static class TimeStamp extends SECURITY_INTEGER { 674 } 675 676 /** 677 * A pointer to an array of SecPkgInfo structures. 678 */ 679 @FieldOrder({"pPkgInfo"}) 680 public static class PSecPkgInfo extends Structure { 681 682 public static class ByReference extends PSecPkgInfo implements Structure.ByReference { 683 684 } 685 686 /** 687 * The first entry in an array of SecPkgInfo structures. 688 */ 689 public SecPkgInfo.ByReference pPkgInfo; 690 PSecPkgInfo()691 public PSecPkgInfo() { 692 super(); 693 } 694 695 /** 696 * An array of SecPkgInfo structures. 697 */ 698 @Override toArray(int size)699 public SecPkgInfo.ByReference[] toArray(int size) { 700 return (SecPkgInfo.ByReference[]) pPkgInfo.toArray(size); 701 } 702 } 703 704 /** 705 * The SecPkgInfo structure provides general information about a security package, 706 * such as its name and capabilities. 707 */ 708 @FieldOrder({"fCapabilities", "wVersion", "wRPCID", "cbMaxToken", "Name", "Comment"}) 709 public static class SecPkgInfo extends Structure { 710 711 /** 712 * A reference pointer to a SecPkgInfo structure. 713 */ 714 public static class ByReference extends SecPkgInfo implements Structure.ByReference { 715 } 716 717 /** 718 * Set of bit flags that describes the capabilities of the security package. 719 */ 720 public int fCapabilities; 721 /** 722 * Specifies the version of the package protocol. Must be 1. 723 */ 724 public short wVersion = 1; 725 /** 726 * Specifies a DCE RPC identifier, if appropriate. If the package does not implement one of 727 * the DCE registered security systems, the reserved value SECPKG_ID_NONE is used. 728 */ 729 public short wRPCID; 730 /** 731 * Specifies the maximum size, in bytes, of the token. 732 */ 733 public int cbMaxToken; 734 /** 735 * Pointer to a null-terminated string that contains the name of the security package. 736 */ 737 public String Name; 738 /** 739 * Pointer to a null-terminated string. This can be any additional string passed 740 * back by the package. 741 */ 742 public String Comment; 743 SecPkgInfo()744 public SecPkgInfo() { 745 super(W32APITypeMapper.DEFAULT); 746 } 747 } 748 749 /** 750 * The SecPkgContext_PackageInfo structure. 751 */ 752 @FieldOrder({"PackageInfo"}) 753 public static class SecPkgContext_PackageInfo extends Structure { 754 /** 755 * A reference pointer to a SecPkgContext_PackageInfo structure. 756 */ 757 public static class ByReference extends SecPkgContext_PackageInfo implements Structure.ByReference { 758 } 759 760 /** 761 * Pointer to a SecPkgInfo structure containing the name of the SSP in 762 * use. 763 */ 764 public SecPkgInfo.ByReference PackageInfo; 765 SecPkgContext_PackageInfo()766 public SecPkgContext_PackageInfo() { 767 super(W32APITypeMapper.DEFAULT); 768 } 769 } 770 771 /** 772 * The SecPkgCredentials_Names structure holds the name of the user 773 * associated with a context. 774 * 775 * <p> 776 * The 777 * {@link Secur32#QueryCredentialsAttributes(com.sun.jna.platform.win32.Sspi.CredHandle, int, com.sun.jna.Structure)} 778 * function uses this structure.</p> 779 */ 780 @FieldOrder({"sUserName"}) 781 public static class SecPkgCredentials_Names extends Structure { 782 783 public static class ByReference extends SecPkgCredentials_Names implements Structure.ByReference { 784 785 } 786 787 /** 788 * Pointer to a null-terminated string containing the name of the user 789 * represented by the credential. If the security package sets the 790 * SECPKG_FLAG_ACCEPT_WIN32_NAME flag to indicate that it can process 791 * Windows names, this name can be used in other Windows calls. 792 */ 793 public Pointer sUserName; 794 SecPkgCredentials_Names()795 public SecPkgCredentials_Names() { 796 super(W32APITypeMapper.DEFAULT); 797 } 798 799 /** 800 * @return value of userName attribute 801 */ getUserName()802 public synchronized String getUserName() { 803 if (sUserName == null) { 804 return null; 805 } 806 return Boolean.getBoolean("w32.ascii") ? sUserName.getString(0) : sUserName.getWideString(0); 807 } 808 809 /** 810 * Free native buffer 811 * 812 * @return {@link WinError#SEC_E_OK} if ok 813 */ free()814 public synchronized int free() { 815 if (sUserName != null) { 816 int result = Secur32.INSTANCE.FreeContextBuffer(sUserName); 817 sUserName = null; 818 return result; 819 } 820 return WinError.SEC_E_OK; 821 } 822 } 823 824 /** 825 * The SecPkgContext_Sizes structure indicates the sizes of important 826 * structures used in the message support functions. 827 * 828 * <p> 829 * The {@link Secur32#QueryContextAttributes(com.sun.jna.platform.win32.Sspi.CtxtHandle, int, com.sun.jna.Structure) 830 * } function uses this structure.</p> 831 */ 832 @FieldOrder({"cbMaxToken", "cbMaxSignature", "cbBlockSize", "cbSecurityTrailer"}) 833 public static class SecPkgContext_Sizes extends Structure { 834 835 public static class ByReference extends SecPkgContext_Sizes implements Structure.ByReference { 836 837 } 838 839 /** 840 * Specifies the maximum size of the security token used in the authentication exchanges. 841 */ 842 public int cbMaxToken; 843 844 /** 845 * Specifies the maximum size of the signature created by the MakeSignature function. This member must be zero if integrity services are not requested or available. 846 */ 847 public int cbMaxSignature; 848 849 /** 850 * Specifies the preferred integral size of the messages. For example, eight indicates that messages should be of size zero mod eight for optimal performance. Messages other than this block size can be padded. 851 */ 852 public int cbBlockSize; 853 854 /** 855 * Size of the security trailer to be appended to messages. This member should be zero if the relevant services are not requested or available. 856 */ 857 public int cbSecurityTrailer; 858 SecPkgContext_Sizes()859 public SecPkgContext_Sizes() { 860 super(W32APITypeMapper.DEFAULT); 861 } 862 863 @Override toString()864 public String toString() { 865 return "SecPkgContext_Sizes{" + "cbMaxToken=" + cbMaxToken + 866 ", cbMaxSignature=" + cbMaxSignature + ", cbBlockSize=" + 867 cbBlockSize + ", cbSecurityTrailer=" + cbSecurityTrailer + 868 '}'; 869 } 870 } 871 872 @FieldOrder({"SessionKeyLength", "SessionKey"}) 873 public static class SecPkgContext_SessionKey extends Structure { 874 875 public static class ByReference extends SecPkgContext_SessionKey implements Structure.ByReference { 876 877 } 878 879 /** 880 * Size, in bytes, of the session key. 881 */ 882 public int SessionKeyLength; 883 884 /** 885 * The session key for the security context. 886 */ 887 public Pointer SessionKey; 888 SecPkgContext_SessionKey()889 public SecPkgContext_SessionKey() { 890 super(W32APITypeMapper.DEFAULT); 891 } 892 getSessionKey()893 public byte[] getSessionKey() { 894 if(SessionKey == null) { 895 return null; 896 } 897 return SessionKey.getByteArray(0, SessionKeyLength); 898 } 899 free()900 public synchronized void free() { 901 if(SessionKey != null) { 902 Secur32.INSTANCE.FreeContextBuffer(SessionKey); 903 SessionKey = null; 904 } 905 } 906 } 907 908 @FieldOrder({"sSignatureAlgorithmName", "sEncryptAlgorithmName","KeySize", "SignatureAlgorithm", "EncryptAlgorithm"}) 909 public static class SecPkgContext_KeyInfo extends Structure { 910 /** 911 * Name, if available, of the algorithm used for generating signatures, for example "MD5" or "SHA-2". 912 */ 913 public Pointer sSignatureAlgorithmName; 914 915 /** 916 * Name, if available, of the algorithm used for encrypting messages. Reserved for future use. 917 */ 918 public Pointer sEncryptAlgorithmName; 919 920 /** 921 * Specifies the effective key length, in bits, for the session key. This is typically 40, 56, or 128 bits. 922 */ 923 public int KeySize; 924 925 /** 926 * Specifies the algorithm identifier (ALG_ID) used for generating signatures, if available. 927 */ 928 public int SignatureAlgorithm; 929 930 /** 931 * Specifies the algorithm identifier (ALG_ID) used for encrypting messages. Reserved for future use. 932 */ 933 public int EncryptAlgorithm; 934 SecPkgContext_KeyInfo()935 public SecPkgContext_KeyInfo() { 936 super(W32APITypeMapper.DEFAULT); 937 } 938 getSignatureAlgorithmName()939 public synchronized String getSignatureAlgorithmName() { 940 if(sSignatureAlgorithmName == null) { 941 return null; 942 } 943 return Boolean.getBoolean("w32.ascii") ? sSignatureAlgorithmName.getString(0) : sSignatureAlgorithmName.getWideString(0); 944 } 945 getEncryptAlgorithmName()946 public synchronized String getEncryptAlgorithmName() { 947 if(sEncryptAlgorithmName == null) { 948 return null; 949 } 950 return Boolean.getBoolean("w32.ascii") ? sEncryptAlgorithmName.getString(0) : sEncryptAlgorithmName.getWideString(0); 951 } 952 free()953 public synchronized void free() { 954 if(sSignatureAlgorithmName != null) { 955 Secur32.INSTANCE.FreeContextBuffer(sSignatureAlgorithmName); 956 sSignatureAlgorithmName = null; 957 } 958 if(sEncryptAlgorithmName != null) { 959 Secur32.INSTANCE.FreeContextBuffer(sEncryptAlgorithmName); 960 sEncryptAlgorithmName = null; 961 } 962 } 963 } 964 965 @FieldOrder({"tsStart", "tsExpiry"}) 966 public static class SecPkgContext_Lifespan extends Structure { 967 968 public static class ByReference extends SecPkgContext_Lifespan implements Structure.ByReference { 969 970 } 971 972 /** 973 * Time at which the context was established. 974 */ 975 public TimeStamp tsStart; 976 977 /** 978 * Time at which the context will expire. 979 */ 980 public TimeStamp tsExpiry; 981 SecPkgContext_Lifespan()982 public SecPkgContext_Lifespan() { 983 super(W32APITypeMapper.DEFAULT); 984 } 985 } 986 987 @FieldOrder({"PackageInfo", "NegotiationState"}) 988 public static class SecPkgContext_NegotiationInfo extends Structure { 989 990 public static class ByReference extends SecPkgContext_NegotiationInfo implements Structure.ByReference { 991 992 } 993 994 /** 995 * Time at which the context was established. 996 */ 997 public PSecPkgInfo PackageInfo; 998 999 /** 1000 * Time at which the context will expire. 1001 */ 1002 public int NegotiationState; 1003 SecPkgContext_NegotiationInfo()1004 public SecPkgContext_NegotiationInfo() { 1005 super(W32APITypeMapper.DEFAULT); 1006 } 1007 free()1008 public synchronized void free() { 1009 if(PackageInfo != null) { 1010 Secur32.INSTANCE.FreeContextBuffer(PackageInfo.pPkgInfo.getPointer()); 1011 PackageInfo = null; 1012 } 1013 } 1014 } 1015 1016 @FieldOrder({"Flags"}) 1017 public static class SecPkgContext_Flags extends Structure { 1018 1019 public static class ByReference extends SecPkgContext_Flags implements Structure.ByReference { 1020 1021 } 1022 1023 /** 1024 * Flag values for the current security context. These values correspond 1025 * to the flags negotiated by the InitializeSecurityContext (General) 1026 * and AcceptSecurityContext (General) functions. 1027 */ 1028 public int Flags; 1029 SecPkgContext_Flags()1030 public SecPkgContext_Flags() { 1031 super(W32APITypeMapper.DEFAULT); 1032 } 1033 } 1034 1035 /** 1036 * Strings in structure {@link SEC_WINNT_AUTH_IDENTITY} are ANSI 1037 */ 1038 public static final int SEC_WINNT_AUTH_IDENTITY_ANSI = 0x1; 1039 /** 1040 * String in structure {@link SEC_WINNT_AUTH_IDENTITY} are UNICODE 1041 */ 1042 public static final int SEC_WINNT_AUTH_IDENTITY_UNICODE = 0x2; 1043 1044 @FieldOrder({"User", "UserLength", "Domain", "DomainLength", "Password", "PasswordLength", "Flags"}) 1045 public static class SEC_WINNT_AUTH_IDENTITY extends Structure { 1046 /** 1047 * A string that contains the user name. 1048 */ 1049 public String User; 1050 1051 /** 1052 * The length, in characters, of the user string, not including the 1053 * terminating null character. 1054 */ 1055 public int UserLength; 1056 1057 /** 1058 * A string that contains the domain name or the workgroup name. 1059 */ 1060 public String Domain; 1061 1062 /** 1063 * The length, in characters, of the domain string, not including the 1064 * terminating null character. 1065 */ 1066 public int DomainLength; 1067 1068 /** 1069 * A string that contains the password of the user in the domain or 1070 * workgroup. When you have finished using the password, remove the 1071 * sensitive information from memory by calling SecureZeroMemory. For 1072 * more information about protecting the password, see Handling 1073 * Passwords. 1074 */ 1075 public String Password; 1076 1077 /** 1078 * The length, in characters, of the password string, not including the 1079 * terminating null character. 1080 */ 1081 public int PasswordLength; 1082 1083 /** 1084 * This member can be one of the following values. 1085 * 1086 * <table> 1087 * <tr><th>Value</th><th>Meaning</th></tr> 1088 * <tr><td>SEC_WINNT_AUTH_IDENTITY_ANSI</td><td>The strings in this structure are in ANSI format.</td></tr> 1089 * <tr><td>SEC_WINNT_AUTH_IDENTITY_UNICODE</td><td>The strings in this structure are in Unicode format.</td></tr> 1090 * </table> 1091 * 1092 * <strong>As the string encoding is managed by JNA do not change this 1093 * value!</strong> 1094 */ 1095 public int Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; 1096 1097 /** 1098 * Create a new SecBufferDesc with one SECBUFFER_EMPTY buffer. 1099 */ SEC_WINNT_AUTH_IDENTITY()1100 public SEC_WINNT_AUTH_IDENTITY() { 1101 super(W32APITypeMapper.UNICODE); 1102 } 1103 1104 @Override write()1105 public void write() { 1106 UserLength = User == null ? 0 : User.length(); 1107 DomainLength = Domain == null ? 0 : Domain.length(); 1108 PasswordLength = Password == null ? 0 : Password.length(); 1109 super.write(); 1110 } 1111 } 1112 } 1113