sspi.h (44780B)
/**
 * WinPR: Windows Portable Runtime
 * Security Support Provider Interface (SSPI)
 *
 * Copyright 2012-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef WINPR_SSPI_H
#define WINPR_SSPI_H

#include <winpr/winpr.h>
#include <winpr/wtypes.h>
#include <winpr/windows.h>
#include <winpr/security.h>

/* On Windows the native SSPI headers supply the types and prototypes. */
#ifdef _WIN32

#include <tchar.h>
#include <winerror.h>

#define SECURITY_WIN32
#include <sspi.h>
#include <security.h>

#endif

/*
 * Everything inside this guard is declared only when the native headers are
 * not used for it: any non-Windows build, and UWP builds.
 */
#if !defined(_WIN32) || defined(_UWP)

/* Calling-convention marker; expands to nothing unless already defined. */
#ifndef SEC_ENTRY
#define SEC_ENTRY
#endif

typedef CHAR SEC_CHAR;
typedef WCHAR SEC_WCHAR;

/* A value stored as two 32-bit halves: unsigned low part, signed high part. */
struct _SECURITY_INTEGER
{
    UINT32 LowPart;
    INT32 HighPart;
};
typedef struct _SECURITY_INTEGER SECURITY_INTEGER;

/* TimeStamp is an alias of SECURITY_INTEGER; it is used for expiry fields. */
typedef SECURITY_INTEGER TimeStamp;
typedef SECURITY_INTEGER* PTimeStamp;

#ifndef __SECSTATUS_DEFINED__
typedef LONG SECURITY_STATUS;
#define __SECSTATUS_DEFINED__
#endif

/*
 * Security package description, ANSI and wide variants.
 * The two layouts differ only in the character type of Name and Comment.
 * NOTE(review): cbMaxToken presumably bounds the token size a package
 * produces; confirm before sizing token buffers from it.
 */
struct _SecPkgInfoA
{
    UINT32 fCapabilities;
    UINT16 wVersion;
    UINT16 wRPCID;
    UINT32 cbMaxToken;
    SEC_CHAR* Name;
    SEC_CHAR* Comment;
};
typedef struct _SecPkgInfoA SecPkgInfoA;
typedef SecPkgInfoA* PSecPkgInfoA;

struct _SecPkgInfoW
{
    UINT32 fCapabilities;
    UINT16 wVersion;
    UINT16 wRPCID;
    UINT32 cbMaxToken;
    SEC_WCHAR* Name;
    SEC_WCHAR* Comment;
};
typedef struct _SecPkgInfoW SecPkgInfoW;
typedef SecPkgInfoW* PSecPkgInfoW;

/* Un-suffixed names resolve to the wide or ANSI variant depending on UNICODE. */
#ifdef UNICODE
#define SecPkgInfo SecPkgInfoW
#define PSecPkgInfo PSecPkgInfoW
#else
#define SecPkgInfo SecPkgInfoA
#define PSecPkgInfo PSecPkgInfoA
#endif

#endif

/* Package names, wrapped in _T() so they follow the build's character type. */
#define NTLM_SSP_NAME _T("NTLM")
#define KERBEROS_SSP_NAME _T("Kerberos")
#define NEGO_SSP_NAME _T("Negotiate")

#define SECPKG_ID_NONE 0xFFFF

/*
 * Package capability flags. Each value is a distinct single bit, so they can
 * be OR-ed together and tested with a mask.
 * NOTE(review): presumably these are the bits of SecPkgInfo.fCapabilities;
 * confirm against the code that fills that field.
 */
#define SECPKG_FLAG_INTEGRITY 0x00000001
#define SECPKG_FLAG_PRIVACY 0x00000002
#define SECPKG_FLAG_TOKEN_ONLY 0x00000004
#define SECPKG_FLAG_DATAGRAM 0x00000008
#define SECPKG_FLAG_CONNECTION 0x00000010
#define SECPKG_FLAG_MULTI_REQUIRED 0x00000020
#define SECPKG_FLAG_CLIENT_ONLY 0x00000040
#define SECPKG_FLAG_EXTENDED_ERROR 0x00000080
#define SECPKG_FLAG_IMPERSONATION 0x00000100
#define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200
#define SECPKG_FLAG_STREAM 0x00000400
#define SECPKG_FLAG_NEGOTIABLE 0x00000800
#define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000
#define SECPKG_FLAG_LOGON 0x00002000
#define SECPKG_FLAG_ASCII_BUFFERS 0x00004000
#define SECPKG_FLAG_FRAGMENT 0x00008000
#define SECPKG_FLAG_MUTUAL_AUTH 0x00010000
#define SECPKG_FLAG_DELEGATION 0x00020000
#define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000
#define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000
#define SECPKG_FLAG_NEGO_EXTENDER 0x00100000
#define SECPKG_FLAG_NEGOTIABLE2 0x00200000

/*
 * Status codes, defined here only when <winerror.h> has not already been
 * included (its include guard is _WINERROR_).
 *
 * SEC_E_OK is zero. Every other SEC_E_* value has the top bit set
 * (0x8009xxxx); the SEC_I_* values further down are non-zero with the top
 * bit clear (0x0009xxxx). A caller that tests only "!= SEC_E_OK" therefore
 * treats SEC_I_* as failure, and one that tests only the top bit treats it
 * as success.
 * NOTE(review): the SEC_I_* names (CONTINUE_NEEDED, COMPLETE_NEEDED, ...)
 * suggest an unfinished exchange, not an authenticated context; call sites
 * should branch on them explicitly. Confirm against the providers.
 *
 * Each macro expands to a cast expression without outer parentheses.
 */
#ifndef _WINERROR_

#define SEC_E_OK (SECURITY_STATUS)0x00000000L
#define SEC_E_INSUFFICIENT_MEMORY (SECURITY_STATUS)0x80090300L
#define SEC_E_INVALID_HANDLE (SECURITY_STATUS)0x80090301L
#define SEC_E_UNSUPPORTED_FUNCTION (SECURITY_STATUS)0x80090302L
#define SEC_E_TARGET_UNKNOWN (SECURITY_STATUS)0x80090303L
#define SEC_E_INTERNAL_ERROR (SECURITY_STATUS)0x80090304L
#define SEC_E_SECPKG_NOT_FOUND (SECURITY_STATUS)0x80090305L
#define SEC_E_NOT_OWNER (SECURITY_STATUS)0x80090306L
#define SEC_E_CANNOT_INSTALL (SECURITY_STATUS)0x80090307L
#define SEC_E_INVALID_TOKEN (SECURITY_STATUS)0x80090308L
#define SEC_E_CANNOT_PACK (SECURITY_STATUS)0x80090309L
#define SEC_E_QOP_NOT_SUPPORTED (SECURITY_STATUS)0x8009030AL
#define SEC_E_NO_IMPERSONATION (SECURITY_STATUS)0x8009030BL
#define SEC_E_LOGON_DENIED (SECURITY_STATUS)0x8009030CL
#define SEC_E_UNKNOWN_CREDENTIALS (SECURITY_STATUS)0x8009030DL
#define SEC_E_NO_CREDENTIALS (SECURITY_STATUS)0x8009030EL
#define SEC_E_MESSAGE_ALTERED (SECURITY_STATUS)0x8009030FL
#define SEC_E_OUT_OF_SEQUENCE (SECURITY_STATUS)0x80090310L
#define SEC_E_NO_AUTHENTICATING_AUTHORITY (SECURITY_STATUS)0x80090311L
#define SEC_E_BAD_PKGID (SECURITY_STATUS)0x80090316L
#define SEC_E_CONTEXT_EXPIRED (SECURITY_STATUS)0x80090317L
#define SEC_E_INCOMPLETE_MESSAGE (SECURITY_STATUS)0x80090318L
#define SEC_E_INCOMPLETE_CREDENTIALS (SECURITY_STATUS)0x80090320L
#define SEC_E_BUFFER_TOO_SMALL (SECURITY_STATUS)0x80090321L
#define SEC_E_WRONG_PRINCIPAL (SECURITY_STATUS)0x80090322L
#define SEC_E_TIME_SKEW (SECURITY_STATUS)0x80090324L
#define SEC_E_UNTRUSTED_ROOT (SECURITY_STATUS)0x80090325L
#define SEC_E_ILLEGAL_MESSAGE (SECURITY_STATUS)0x80090326L
#define SEC_E_CERT_UNKNOWN (SECURITY_STATUS)0x80090327L
#define SEC_E_CERT_EXPIRED (SECURITY_STATUS)0x80090328L
#define SEC_E_ENCRYPT_FAILURE (SECURITY_STATUS)0x80090329L
#define SEC_E_DECRYPT_FAILURE (SECURITY_STATUS)0x80090330L
#define SEC_E_ALGORITHM_MISMATCH (SECURITY_STATUS)0x80090331L
#define SEC_E_SECURITY_QOS_FAILED (SECURITY_STATUS)0x80090332L
#define SEC_E_UNFINISHED_CONTEXT_DELETED (SECURITY_STATUS)0x80090333L
#define SEC_E_NO_TGT_REPLY (SECURITY_STATUS)0x80090334L
#define SEC_E_NO_IP_ADDRESSES (SECURITY_STATUS)0x80090335L
#define SEC_E_WRONG_CREDENTIAL_HANDLE (SECURITY_STATUS)0x80090336L
#define SEC_E_CRYPTO_SYSTEM_INVALID (SECURITY_STATUS)0x80090337L
#define SEC_E_MAX_REFERRALS_EXCEEDED (SECURITY_STATUS)0x80090338L
#define SEC_E_MUST_BE_KDC (SECURITY_STATUS)0x80090339L
#define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED (SECURITY_STATUS)0x8009033AL
#define SEC_E_TOO_MANY_PRINCIPALS (SECURITY_STATUS)0x8009033BL
#define SEC_E_NO_PA_DATA (SECURITY_STATUS)0x8009033CL
#define SEC_E_PKINIT_NAME_MISMATCH (SECURITY_STATUS)0x8009033DL
#define SEC_E_SMARTCARD_LOGON_REQUIRED (SECURITY_STATUS)0x8009033EL
#define SEC_E_SHUTDOWN_IN_PROGRESS (SECURITY_STATUS)0x8009033FL
#define SEC_E_KDC_INVALID_REQUEST (SECURITY_STATUS)0x80090340L
#define SEC_E_KDC_UNABLE_TO_REFER (SECURITY_STATUS)0x80090341L
#define SEC_E_KDC_UNKNOWN_ETYPE (SECURITY_STATUS)0x80090342L
#define SEC_E_UNSUPPORTED_PREAUTH (SECURITY_STATUS)0x80090343L
#define SEC_E_DELEGATION_REQUIRED (SECURITY_STATUS)0x80090345L
#define SEC_E_BAD_BINDINGS (SECURITY_STATUS)0x80090346L
#define SEC_E_MULTIPLE_ACCOUNTS (SECURITY_STATUS)0x80090347L
#define SEC_E_NO_KERB_KEY (SECURITY_STATUS)0x80090348L
#define SEC_E_CERT_WRONG_USAGE (SECURITY_STATUS)0x80090349L
#define SEC_E_DOWNGRADE_DETECTED (SECURITY_STATUS)0x80090350L
#define SEC_E_SMARTCARD_CERT_REVOKED (SECURITY_STATUS)0x80090351L
#define SEC_E_ISSUING_CA_UNTRUSTED (SECURITY_STATUS)0x80090352L
#define SEC_E_REVOCATION_OFFLINE_C (SECURITY_STATUS)0x80090353L
#define SEC_E_PKINIT_CLIENT_FAILURE (SECURITY_STATUS)0x80090354L
#define SEC_E_SMARTCARD_CERT_EXPIRED (SECURITY_STATUS)0x80090355L
#define SEC_E_NO_S4U_PROT_SUPPORT (SECURITY_STATUS)0x80090356L
#define SEC_E_CROSSREALM_DELEGATION_FAILURE (SECURITY_STATUS)0x80090357L
#define SEC_E_REVOCATION_OFFLINE_KDC (SECURITY_STATUS)0x80090358L
#define SEC_E_ISSUING_CA_UNTRUSTED_KDC (SECURITY_STATUS)0x80090359L
#define SEC_E_KDC_CERT_EXPIRED (SECURITY_STATUS)0x8009035AL
#define SEC_E_KDC_CERT_REVOKED (SECURITY_STATUS)0x8009035BL
#define SEC_E_INVALID_PARAMETER (SECURITY_STATUS)0x8009035DL
#define SEC_E_DELEGATION_POLICY (SECURITY_STATUS)0x8009035EL
/* NOTE(review): "NLTM" looks like a typo but appears to mirror the name in
 * the Windows headers; do not rename without checking. */
#define SEC_E_POLICY_NLTM_ONLY (SECURITY_STATUS)0x8009035FL
#define SEC_E_NO_CONTEXT (SECURITY_STATUS)0x80090361L
#define SEC_E_PKU2U_CERT_FAILURE (SECURITY_STATUS)0x80090362L
#define SEC_E_MUTUAL_AUTH_FAILED (SECURITY_STATUS)0x80090363L

#define SEC_I_CONTINUE_NEEDED (SECURITY_STATUS)0x00090312L
#define SEC_I_COMPLETE_NEEDED (SECURITY_STATUS)0x00090313L
#define SEC_I_COMPLETE_AND_CONTINUE (SECURITY_STATUS)0x00090314L
#define SEC_I_LOCAL_LOGON (SECURITY_STATUS)0x00090315L
#define SEC_I_CONTEXT_EXPIRED (SECURITY_STATUS)0x00090317L
#define SEC_I_INCOMPLETE_CREDENTIALS (SECURITY_STATUS)0x00090320L
#define SEC_I_RENEGOTIATE (SECURITY_STATUS)0x00090321L
#define SEC_I_NO_LSA_CONTEXT (SECURITY_STATUS)0x00090323L
#define SEC_I_SIGNATURE_NEEDED (SECURITY_STATUS)0x0009035CL
#define SEC_I_NO_RENEGOTIATION (SECURITY_STATUS)0x00090360L

#endif

/* Data representation selectors (the TargetDataRep arguments further down). */
#define SECURITY_NATIVE_DREP 0x00000010
#define SECURITY_NETWORK_DREP 0x00000000

/* Credential use. SECPKG_CRED_BOTH equals INBOUND | OUTBOUND. */
#define SECPKG_CRED_INBOUND 0x00000001
#define SECPKG_CRED_OUTBOUND 0x00000002
#define SECPKG_CRED_BOTH 0x00000003
#define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010
#define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020

/* Security Context Attributes */

/*
 * Attribute selectors (plain indices, not bit flags). The list continues
 * past SECPKG_ATTR_LOGOFF_TIME.
 * NOTE(review): presumably the ulAttribute argument of the
 * QueryContextAttributes / SetContextAttributes entry points; each selector
 * implies a specific buffer struct, so a mismatch is a type confusion on a
 * void* buffer. Confirm the mapping at the call site.
 */
#define SECPKG_ATTR_SIZES 0
#define SECPKG_ATTR_NAMES 1
#define SECPKG_ATTR_LIFESPAN 2
#define SECPKG_ATTR_DCE_INFO 3
#define SECPKG_ATTR_STREAM_SIZES 4
#define SECPKG_ATTR_KEY_INFO 5
#define SECPKG_ATTR_AUTHORITY 6
#define SECPKG_ATTR_PROTO_INFO 7
#define SECPKG_ATTR_PASSWORD_EXPIRY 8
#define SECPKG_ATTR_SESSION_KEY 9
#define SECPKG_ATTR_PACKAGE_INFO 10
#define SECPKG_ATTR_USER_FLAGS 11
#define SECPKG_ATTR_NEGOTIATION_INFO 12
#define SECPKG_ATTR_NATIVE_NAMES 13
#define SECPKG_ATTR_FLAGS 14
#define SECPKG_ATTR_USE_VALIDATED 15
#define SECPKG_ATTR_CREDENTIAL_NAME 16
#define SECPKG_ATTR_TARGET_INFORMATION 17
#define SECPKG_ATTR_ACCESS_TOKEN 18
#define SECPKG_ATTR_TARGET 19
#define SECPKG_ATTR_AUTHENTICATION_ID 20
#define SECPKG_ATTR_LOGOFF_TIME 21
/*
 * Context attribute selectors, continued. The numbering is not contiguous:
 * 23, 28 and 29 are not defined here.
 */
#define SECPKG_ATTR_NEGO_KEYS 22
#define SECPKG_ATTR_PROMPTING_NEEDED 24
#define SECPKG_ATTR_UNIQUE_BINDINGS 25
#define SECPKG_ATTR_ENDPOINT_BINDINGS 26
#define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27
#define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30
#define SECPKG_ATTR_NEGO_PKG_INFO 31
#define SECPKG_ATTR_NEGO_STATUS 32
#define SECPKG_ATTR_CONTEXT_DELETED 33

/*
 * Attribute payload structures, declared only when the native Windows
 * headers do not provide them (non-Windows builds, and UWP).
 *
 * Several of them pair a length field with a pointer (cbAppData/pbAppData,
 * AuthBufferLen/AuthBuffer, SessionKeyLength/SessionKey, ...). Nothing in
 * this header states who allocates or frees the pointed-to memory.
 * NOTE(review): readers of these structs should bound every access by the
 * paired length field and confirm ownership in the provider that fills them.
 */
#if !defined(_WIN32) || defined(_UWP)

struct _SecPkgContext_AccessToken
{
    void* AccessToken;
};
typedef struct _SecPkgContext_AccessToken SecPkgContext_AccessToken;

struct _SecPkgContext_SessionAppData
{
    UINT32 dwFlags;
    UINT32 cbAppData;
    BYTE* pbAppData;
};
typedef struct _SecPkgContext_SessionAppData SecPkgContext_SessionAppData;

struct _SecPkgContext_Authority
{
    char* sAuthorityName;
};
typedef struct _SecPkgContext_Authority SecPkgContext_Authority;

struct _SecPkgContext_ClientSpecifiedTarget
{
    char* sTargetName;
};
typedef struct _SecPkgContext_ClientSpecifiedTarget SecPkgContext_ClientSpecifiedTarget;

typedef UINT32 ALG_ID;

/* Negotiated protocol plus cipher, hash and key-exchange ids and strengths. */
struct _SecPkgContext_ConnectionInfo
{
    UINT32 dwProtocol;
    ALG_ID aiCipher;
    UINT32 dwCipherStrength;
    ALG_ID aiHash;
    UINT32 dwHashStrength;
    ALG_ID aiExch;
    UINT32 dwExchStrength;
};
typedef struct _SecPkgContext_ConnectionInfo SecPkgContext_ConnectionInfo;

/* NOTE(review): the name suggests AuthBuffer carries client credentials;
 * if so it should be zeroized before release. Confirm. */
struct _SecPkgContext_ClientCreds
{
    UINT32 AuthBufferLen;
    BYTE* AuthBuffer;
};
typedef struct _SecPkgContext_ClientCreds SecPkgContext_ClientCreds;

/* The tag and typedef are spelled "Contex" (no final 't'); that spelling is
 * the public name used by this header. */
struct _SecPkgContex_DceInfo
{
    UINT32 AuthzSvc;
    void* pPac;
};
typedef struct _SecPkgContex_DceInfo SecPkgContex_DceInfo;

/*
 * Channel bindings header: three (type, length, offset) groups for the
 * initiator address, the acceptor address and the application data.
 * NOTE(review): the offsets presumably index into data that follows this
 * header within the same buffer; a consumer should check offset + length
 * against the enclosing buffer size (see BindingsLength below) before
 * reading. Confirm against the code that parses bindings.
 */
struct _SEC_CHANNEL_BINDINGS
{
    UINT32 dwInitiatorAddrType;
    UINT32 cbInitiatorLength;
    UINT32 dwInitiatorOffset;
    UINT32 dwAcceptorAddrType;
    UINT32 cbAcceptorLength;
    UINT32 dwAcceptorOffset;
    UINT32 cbApplicationDataLength;
    UINT32 dwApplicationDataOffset;
};
typedef struct _SEC_CHANNEL_BINDINGS SEC_CHANNEL_BINDINGS;

struct _SecPkgContext_Bindings
{
    UINT32 BindingsLength;
    SEC_CHANNEL_BINDINGS* Bindings;
};
typedef struct _SecPkgContext_Bindings SecPkgContext_Bindings;

/* Fixed-size key and IV storage (128 and 64 bytes), held inline.
 * NOTE(review): key material; copies of this struct should be zeroized
 * once no longer needed. */
struct _SecPkgContext_EapKeyBlock
{
    BYTE rgbKeys[128];
    BYTE rgbIVs[64];
};
typedef struct _SecPkgContext_EapKeyBlock SecPkgContext_EapKeyBlock;

struct _SecPkgContext_Flags
{
    UINT32 Flags;
};
typedef struct _SecPkgContext_Flags SecPkgContext_Flags;

struct _SecPkgContext_KeyInfo
{
    char* sSignatureAlgorithmName;
    char* sEncryptAlgorithmName;
    UINT32 KeySize;
    UINT32 SignatureAlgorithm;
    UINT32 EncryptAlgorithm;
};
typedef struct _SecPkgContext_KeyInfo SecPkgContext_KeyInfo;

struct _SecPkgContext_Lifespan
{
    TimeStamp tsStart;
    TimeStamp tsExpiry;
};
typedef struct _SecPkgContext_Lifespan SecPkgContext_Lifespan;

struct _SecPkgContext_Names
{
    char* sUserName;
};
typedef struct _SecPkgContext_Names SecPkgContext_Names;

struct _SecPkgContext_NativeNames
{
    char* sClientName;
    char* sServerName;
};
typedef struct _SecPkgContext_NativeNames SecPkgContext_NativeNames;

/* PackageInfo uses the SecPkgInfo macro, so its pointee type is the wide or
 * the ANSI variant depending on UNICODE. */
struct _SecPkgContext_NegotiationInfo
{
    SecPkgInfo* PackageInfo;
    UINT32 NegotiationState;
};
typedef struct _SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfo;

struct _SecPkgContext_PackageInfo
{
    SecPkgInfo* PackageInfo;
};
typedef struct _SecPkgContext_PackageInfo SecPkgContext_PackageInfo;

struct _SecPkgContext_PasswordExpiry
{
    TimeStamp tsPasswordExpires;
};
typedef struct _SecPkgContext_PasswordExpiry SecPkgContext_PasswordExpiry;

/* NOTE(review): SessionKey points at key material of SessionKeyLength
 * bytes; it should be zeroized before it is freed. Ownership is not visible
 * in this header. */
struct _SecPkgContext_SessionKey
{
    UINT32 SessionKeyLength;
    BYTE* SessionKey;
};
typedef struct _SecPkgContext_SessionKey SecPkgContext_SessionKey;

/* NOTE(review): cbSessionId is presumably the number of valid bytes in
 * rgbSessionId; readers should clamp it to the 32-byte array. */
struct _SecPkgContext_SessionInfo
{
    UINT32 dwFlags;
    UINT32 cbSessionId;
    BYTE rgbSessionId[32];
};
typedef struct _SecPkgContext_SessionInfo SecPkgContext_SessionInfo;

/* NOTE(review): these sizes presumably drive how callers size token,
 * signature and trailer buffers; confirm before allocating from them. */
struct _SecPkgContext_Sizes
{
    UINT32 cbMaxToken;
    UINT32 cbMaxSignature;
    UINT32 cbBlockSize;
    UINT32 cbSecurityTrailer;
};
typedef struct _SecPkgContext_Sizes SecPkgContext_Sizes;

struct _SecPkgContext_StreamSizes
{
    UINT32 cbHeader;
    UINT32 cbTrailer;
    UINT32 cbMaximumMessage;
    UINT32 cBuffers;
    UINT32 cbBlockSize;
};
typedef struct _SecPkgContext_StreamSizes SecPkgContext_StreamSizes;

struct _SecPkgContext_SubjectAttributes
{
    void* AttributeInfo;
};
typedef struct _SecPkgContext_SubjectAttributes SecPkgContext_SubjectAttributes;

/* A 16-bit count followed by a pointer to that many 16-bit entries
 * (count semantics inferred from the field names). */
struct _SecPkgContext_SupportedSignatures
{
    UINT16 cSignatureAndHashAlgorithms;
    UINT16* pSignatureAndHashAlgorithms;
};
typedef struct _SecPkgContext_SupportedSignatures SecPkgContext_SupportedSignatures;

struct _SecPkgContext_TargetInformation
{
    UINT32 MarshalledTargetInfoLength;
    BYTE* MarshalledTargetInfo;
};
typedef struct _SecPkgContext_TargetInformation SecPkgContext_TargetInformation;

/* Security Credentials Attributes */

#define SECPKG_CRED_ATTR_NAMES 1

struct _SecPkgCredentials_NamesA
{
    SEC_CHAR* sUserName;
};
typedef struct _SecPkgCredentials_NamesA SecPkgCredentials_NamesA;
typedef SecPkgCredentials_NamesA* PSecPkgCredentials_NamesA;

struct _SecPkgCredentials_NamesW
{
    SEC_WCHAR* sUserName;
};
typedef struct _SecPkgCredentials_NamesW SecPkgCredentials_NamesW;
typedef SecPkgCredentials_NamesW* PSecPkgCredentials_NamesW;

#ifdef UNICODE
#define SecPkgCredentials_Names SecPkgCredentials_NamesW
#define PSecPkgCredentials_Names PSecPkgCredentials_NamesW
#else
#define SecPkgCredentials_Names SecPkgCredentials_NamesA
#define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
#endif

#endif

/* InitializeSecurityContext Flags */

/*
 * ISC_REQ_* are request bits (the fContextReq argument); ISC_RET_* below are
 * the bits reported back (pfContextAttr).
 *
 * The two families do not share every bit position. In this file:
 *   ISC_REQ_CALL_LEVEL        0x00001000   ISC_RET_CALL_LEVEL          0x00002000
 *   ISC_REQ_FRAGMENT_SUPPLIED 0x00002000   ISC_RET_INTERMEDIATE_RETURN 0x00001000
 * so a returned attribute word must be tested with ISC_RET_* constants,
 * never with the ISC_REQ_* constant of the same name.
 *
 * NOTE(review): requesting a property does not by itself show that it was
 * granted; code that relies on mutual authentication, integrity,
 * confidentiality or replay/sequence detection should verify the matching
 * ISC_RET_* bit after the exchange completes. ISC_REQ_NO_INTEGRITY,
 * ISC_REQ_NULL_SESSION and ISC_REQ_MANUAL_CRED_VALIDATION look like flags
 * that relax default checks; audit any call site that sets them.
 */
#define ISC_REQ_DELEGATE 0x00000001
#define ISC_REQ_MUTUAL_AUTH 0x00000002
#define ISC_REQ_REPLAY_DETECT 0x00000004
#define ISC_REQ_SEQUENCE_DETECT 0x00000008
#define ISC_REQ_CONFIDENTIALITY 0x00000010
#define ISC_REQ_USE_SESSION_KEY 0x00000020
#define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
#define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
#define ISC_REQ_ALLOCATE_MEMORY 0x00000100
#define ISC_REQ_USE_DCE_STYLE 0x00000200
#define ISC_REQ_DATAGRAM 0x00000400
#define ISC_REQ_CONNECTION 0x00000800
#define ISC_REQ_CALL_LEVEL 0x00001000
#define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
#define ISC_REQ_EXTENDED_ERROR 0x00004000
#define ISC_REQ_STREAM 0x00008000
#define ISC_REQ_INTEGRITY 0x00010000
#define ISC_REQ_IDENTIFY 0x00020000
#define ISC_REQ_NULL_SESSION 0x00040000
#define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_REQ_RESERVED1 0x00100000
#define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
#define ISC_REQ_FORWARD_CREDENTIALS 0x00400000
#define ISC_REQ_NO_INTEGRITY 0x00800000
#define ISC_REQ_USE_HTTP_STYLE 0x01000000

#define ISC_RET_DELEGATE 0x00000001
#define ISC_RET_MUTUAL_AUTH 0x00000002
#define ISC_RET_REPLAY_DETECT 0x00000004
#define ISC_RET_SEQUENCE_DETECT 0x00000008
#define ISC_RET_CONFIDENTIALITY 0x00000010
#define ISC_RET_USE_SESSION_KEY 0x00000020
#define ISC_RET_USED_COLLECTED_CREDS 0x00000040
#define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
#define ISC_RET_ALLOCATED_MEMORY 0x00000100
#define ISC_RET_USED_DCE_STYLE 0x00000200
#define ISC_RET_DATAGRAM 0x00000400
#define ISC_RET_CONNECTION 0x00000800
#define ISC_RET_INTERMEDIATE_RETURN 0x00001000
#define ISC_RET_CALL_LEVEL 0x00002000
#define ISC_RET_EXTENDED_ERROR 0x00004000
#define ISC_RET_STREAM 0x00008000
#define ISC_RET_INTEGRITY 0x00010000
#define ISC_RET_IDENTIFY 0x00020000
/* Remaining ISC_RET_* result bits. */
#define ISC_RET_NULL_SESSION 0x00040000
#define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_RET_RESERVED1 0x00100000
#define ISC_RET_FRAGMENT_ONLY 0x00200000
#define ISC_RET_FORWARD_CREDENTIALS 0x00400000
#define ISC_RET_USED_HTTP_STYLE 0x01000000

/* AcceptSecurityContext Flags */

/*
 * ASC_REQ_* are the acceptor-side request bits and ASC_RET_* the bits
 * reported back. The list is not in numeric order: ASC_REQ_FRAGMENT_SUPPLIED
 * (0x00002000) follows ASC_REQ_FRAGMENT_TO_FIT (0x00800000).
 *
 * Positions differ from the ISC_* families from 0x00008000 upward, for
 * example ASC_REQ_STREAM is 0x00010000 while ISC_REQ_STREAM is 0x00008000,
 * and ASC_REQ_INTEGRITY is 0x00020000 while ISC_REQ_INTEGRITY is 0x00010000.
 * Within the ASC family, ASC_REQ_CALL_LEVEL is 0x00001000 but
 * ASC_RET_CALL_LEVEL is 0x00002000, the same value as
 * ASC_REQ_FRAGMENT_SUPPLIED. Always test a word with the family it belongs
 * to.
 *
 * NOTE(review): ASC_REQ_ALLOW_NULL_SESSION, ASC_REQ_ALLOW_NON_USER_LOGONS,
 * ASC_REQ_ALLOW_CONTEXT_REPLAY and ASC_REQ_ALLOW_MISSING_BINDINGS read as
 * opt-ins that relax acceptor-side checks; a server setting any of them
 * deserves a justification in review. Likewise ASC_RET_NULL_SESSION and
 * ASC_RET_MISSING_BINDINGS are results a server should inspect before
 * trusting the peer. Confirm semantics against the provider.
 */
#define ASC_REQ_DELEGATE 0x00000001
#define ASC_REQ_MUTUAL_AUTH 0x00000002
#define ASC_REQ_REPLAY_DETECT 0x00000004
#define ASC_REQ_SEQUENCE_DETECT 0x00000008
#define ASC_REQ_CONFIDENTIALITY 0x00000010
#define ASC_REQ_USE_SESSION_KEY 0x00000020
#define ASC_REQ_ALLOCATE_MEMORY 0x00000100
#define ASC_REQ_USE_DCE_STYLE 0x00000200
#define ASC_REQ_DATAGRAM 0x00000400
#define ASC_REQ_CONNECTION 0x00000800
#define ASC_REQ_CALL_LEVEL 0x00001000
#define ASC_REQ_EXTENDED_ERROR 0x00008000
#define ASC_REQ_STREAM 0x00010000
#define ASC_REQ_INTEGRITY 0x00020000
#define ASC_REQ_LICENSING 0x00040000
#define ASC_REQ_IDENTIFY 0x00080000
#define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
#define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
#define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
#define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
#define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
#define ASC_REQ_NO_TOKEN 0x01000000
#define ASC_REQ_PROXY_BINDINGS 0x04000000
#define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000

#define ASC_RET_DELEGATE 0x00000001
#define ASC_RET_MUTUAL_AUTH 0x00000002
#define ASC_RET_REPLAY_DETECT 0x00000004
#define ASC_RET_SEQUENCE_DETECT 0x00000008
#define ASC_RET_CONFIDENTIALITY 0x00000010
#define ASC_RET_USE_SESSION_KEY 0x00000020
#define ASC_RET_ALLOCATED_MEMORY 0x00000100
#define ASC_RET_USED_DCE_STYLE 0x00000200
#define ASC_RET_DATAGRAM 0x00000400
#define ASC_RET_CONNECTION 0x00000800
#define ASC_RET_CALL_LEVEL 0x00002000
#define ASC_RET_THIRD_LEG_FAILED 0x00004000
#define ASC_RET_EXTENDED_ERROR 0x00008000
#define ASC_RET_STREAM 0x00010000
#define ASC_RET_INTEGRITY 0x00020000
#define ASC_RET_LICENSING 0x00040000
#define ASC_RET_IDENTIFY 0x00080000
#define ASC_RET_NULL_SESSION 0x00100000
#define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
#define ASC_RET_FRAGMENT_ONLY 0x00800000
#define ASC_RET_NO_TOKEN 0x01000000
#define ASC_RET_NO_PROXY_BINDINGS 0x04000000
#define ASC_RET_MISSING_BINDINGS 0x10000000

/* Values for the Flags field of the SEC_WINNT_AUTH_IDENTITY structures. */
#define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
#define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2

#if !defined(_WIN32) || defined(_UWP)

#ifndef _AUTH_IDENTITY_DEFINED
#define _AUTH_IDENTITY_DEFINED

/*
 * Username / domain / password identity, in three declarations. The _W and
 * the un-suffixed struct are field-for-field identical (UINT16* strings);
 * the _A struct uses BYTE* strings.
 *
 * NOTE(review): Password is a plaintext credential. Code that owns one of
 * these should wipe the Password buffer with a call the compiler cannot
 * elide before freeing it, and should avoid logging the struct.
 * NOTE(review): the unit of the *Length fields (characters or bytes) and
 * whether the strings are NUL-terminated are not stated here; confirm
 * before using a length for allocation or copying, especially when Flags
 * selects between the ANSI and UNICODE interpretations.
 */
typedef struct _SEC_WINNT_AUTH_IDENTITY_W
{
    /* TSPasswordCreds */
    UINT16* User;
    UINT32 UserLength;
    UINT16* Domain;
    UINT32 DomainLength;
    UINT16* Password;
    UINT32 PasswordLength;
    UINT32 Flags;
} SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;

typedef struct _SEC_WINNT_AUTH_IDENTITY_A
{
    /* TSPasswordCreds */
    BYTE* User;
    UINT32 UserLength;
    BYTE* Domain;
    UINT32 DomainLength;
    BYTE* Password;
    UINT32 PasswordLength;
    UINT32 Flags;
} SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;

struct _SEC_WINNT_AUTH_IDENTITY
{
    /* TSPasswordCreds */
    UINT16* User;
    UINT32 UserLength;
    UINT16* Domain;
    UINT32 DomainLength;
    UINT16* Password;
    UINT32 PasswordLength;
    UINT32 Flags;
};
typedef struct _SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY;

#endif /* _AUTH_IDENTITY_DEFINED */

/* Opaque two-word handle; CredHandle and CtxtHandle are aliases of it. */
struct _SecHandle
{
    ULONG_PTR dwLower;
    ULONG_PTR dwUpper;
};
typedef struct _SecHandle SecHandle;
typedef SecHandle* PSecHandle;

typedef SecHandle CredHandle;
typedef CredHandle* PCredHandle;
typedef SecHandle CtxtHandle;
typedef CtxtHandle* PCtxtHandle;

/*
 * SecInvalidateHandle(x) sets both words of *x to (ULONG_PTR)-1.
 * SecIsValidHandle(x) is true only when neither word equals (ULONG_PTR)-1.
 *
 * Macro hygiene, as written:
 *  - x is evaluated twice in each macro, so it must have no side effects;
 *  - x is dereferenced unconditionally; neither macro checks for NULL;
 *  - SecInvalidateHandle already ends in ';', so writing
 *    "SecInvalidateHandle(h);" yields an extra empty statement, which breaks
 *    an unbraced if/else around it. Always brace the surrounding branch.
 * NOTE(review): a zero-initialized handle passes SecIsValidHandle; code
 * should call SecInvalidateHandle on a handle before first use and again
 * after it is freed, so stale handles are rejected.
 */
#define SecInvalidateHandle(x) \
    ((PSecHandle)(x))->dwLower = ((PSecHandle)(x))->dwUpper = ((ULONG_PTR)((INT_PTR)-1));

#define SecIsValidHandle(x) \
    ((((PSecHandle)(x))->dwLower != ((ULONG_PTR)((INT_PTR)-1))) && \
     (((PSecHandle)(x))->dwUpper != ((ULONG_PTR)((INT_PTR)-1))))

#endif

#define SECBUFFER_VERSION 0

/* Buffer Types */
#define SECBUFFER_EMPTY 0
#define SECBUFFER_DATA 1
#define SECBUFFER_TOKEN 2
#define SECBUFFER_PKG_PARAMS 3
#define SECBUFFER_MISSING 4
#define SECBUFFER_EXTRA 5
#define SECBUFFER_STREAM_TRAILER 6
#define SECBUFFER_STREAM_HEADER 7
#define SECBUFFER_NEGOTIATION_INFO 8
#define SECBUFFER_PADDING 9
#define SECBUFFER_STREAM 10
#define SECBUFFER_MECHLIST 11
#define SECBUFFER_MECHLIST_SIGNATURE 12
#define SECBUFFER_TARGET 13
#define SECBUFFER_CHANNEL_BINDINGS 14
#define SECBUFFER_CHANGE_PASS_RESPONSE 15
#define SECBUFFER_TARGET_HOST 16
#define SECBUFFER_ALERT 17

/* Security Buffer Flags */
/*
 * SECBUFFER_ATTRMASK (top four bits) is the union of the three flag values
 * below it. NOTE(review): presumably these flags share the BufferType field
 * with the type number above, in which case a comparison against a buffer
 * type must first mask them off with ~SECBUFFER_ATTRMASK. Confirm in the
 * code that walks SecBufferDesc.
 */
#define SECBUFFER_ATTRMASK 0xF0000000
#define SECBUFFER_READONLY 0x80000000
#define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000
#define SECBUFFER_RESERVED 0x60000000

#if !defined(_WIN32) || defined(_UWP)

/*
 * One buffer: byte count, type, and an untyped pointer.
 * NOTE(review): cbBuffer is the only bound on pvBuffer visible here.
 * Providers parsing a token received from a peer should treat both the
 * contents and any length fields inside them as untrusted and check them
 * against cbBuffer.
 */
struct _SecBuffer
{
    ULONG cbBuffer;
    ULONG BufferType;
    void* pvBuffer;
};
typedef struct _SecBuffer SecBuffer;
typedef SecBuffer* PSecBuffer;

/* An array of cBuffers SecBuffer entries (count semantics inferred from the
 * field names), plus a version word. */
struct _SecBufferDesc
{
    ULONG ulVersion;
    ULONG cBuffers;
    PSecBuffer pBuffers;
};
typedef struct _SecBufferDesc SecBufferDesc;
typedef SecBufferDesc* PSecBufferDesc;

/* Key-retrieval callback type, taken by the credential entry points below. */
typedef void(SEC_ENTRY* SEC_GET_KEY_FN)(void* Arg, void* Principal, UINT32 KeyVer, void** Key,
                                        SECURITY_STATUS* pStatus);

/*
 * Function-pointer types for the entry points. Where an entry point takes
 * strings there is an _A and a _W type, and an un-suffixed macro selects one
 * of them depending on UNICODE.
 */
typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_A)(ULONG* pcPackages,
                                                                     PSecPkgInfoA* ppPackageInfo);
typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_W)(ULONG* pcPackages,
                                                                     PSecPkgInfoW* ppPackageInfo);

#ifdef UNICODE
#define EnumerateSecurityPackages EnumerateSecurityPackagesW
#define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W
#else
#define EnumerateSecurityPackages EnumerateSecurityPackagesA
#define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
#endif

/*
 * The _A and _W types here have identical signatures. pBuffer is untyped and
 * carries no length, so the caller must pass storage that matches
 * ulAttribute.
 */
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential,
                                                                      ULONG ulAttribute,
                                                                      void* pBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential,
                                                                      ULONG ulAttribute,
                                                                      void* pBuffer);

#ifdef UNICODE
#define QueryCredentialsAttributes QueryCredentialsAttributesW
#define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W
#else
#define QueryCredentialsAttributes QueryCredentialsAttributesA
#define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
#endif

/*
 * These pointer types spell the string parameters LPSTR / LPWSTR, while the
 * AcquireCredentialsHandleA/W prototypes further down use SEC_CHAR* /
 * SEC_WCHAR*. NOTE(review): equivalent only if LPSTR is CHAR* and LPWSTR is
 * WCHAR* in the WinPR type headers; confirm.
 * NOTE(review): pAuthData is untyped; presumably it points at one of the
 * SEC_WINNT_AUTH_IDENTITY structures and therefore at a plaintext password.
 */
typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_A)(
    LPSTR pszPrincipal, LPSTR pszPackage, ULONG fCredentialUse, void* pvLogonID, void* pAuthData,
    SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
    PTimeStamp ptsExpiry);
typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
    LPWSTR pszPrincipal, LPWSTR pszPackage, ULONG fCredentialUse, void* pvLogonID, void* pAuthData,
    SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
    PTimeStamp ptsExpiry);

#ifdef UNICODE
#define AcquireCredentialsHandle AcquireCredentialsHandleW
#define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W
#else
#define AcquireCredentialsHandle AcquireCredentialsHandleA
#define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
#endif

typedef SECURITY_STATUS(SEC_ENTRY* FREE_CREDENTIALS_HANDLE_FN)(PCredHandle phCredential);

/*
 * Client side of the exchange: fContextReq takes request flags and
 * pfContextAttr receives the result flags.
 * NOTE(review): pszTargetName presumably names the server being
 * authenticated to; where it is derived from untrusted input, the caller is
 * letting that input choose the authentication target. Confirm at call
 * sites.
 */
typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_A)(
    PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
    ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
    PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_W)(
    PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq,
    ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
    PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);

#ifdef UNICODE
#define InitializeSecurityContext InitializeSecurityContextW
#define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W
#else
#define InitializeSecurityContext InitializeSecurityContextA
#define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
#endif

/* Server side of the exchange; pInput carries the peer's token and must be
 * treated as untrusted by the provider that parses it. */
typedef SECURITY_STATUS(SEC_ENTRY* ACCEPT_SECURITY_CONTEXT_FN)(
    PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq,
    ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr,
    PTimeStamp ptsTimeStamp);

typedef SECURITY_STATUS(SEC_ENTRY* COMPLETE_AUTH_TOKEN_FN)(PCtxtHandle phContext,
                                                           PSecBufferDesc pToken);

typedef SECURITY_STATUS(SEC_ENTRY* DELETE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);

typedef SECURITY_STATUS(SEC_ENTRY* APPLY_CONTROL_TOKEN_FN)(PCtxtHandle phContext,
                                                           PSecBufferDesc pInput);

/* pBuffer has no size parameter here (compare SET_CONTEXT_ATTRIBUTES_FN_*,
 * which takes cbBuffer); the struct passed must match ulAttribute. */
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext,
                                                                  ULONG ulAttribute, void* pBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext,
                                                                  ULONG ulAttribute, void* pBuffer);

#ifdef UNICODE
#define QueryContextAttributes QueryContextAttributesW
#define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W
#else
#define QueryContextAttributes QueryContextAttributesA
#define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
#endif

/* NOTE(review): impersonate/revert are meant to be paired; a caller that
 * ignores a failed revert keeps running as the impersonated identity.
 * Check both return values. */
typedef SECURITY_STATUS(SEC_ENTRY* IMPERSONATE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);

typedef SECURITY_STATUS(SEC_ENTRY* REVERT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);

/*
 * Per-message signing and verification. The result is reported only through
 * the SECURITY_STATUS return value.
 * NOTE(review): a caller that drops the return value of a VERIFY_SIGNATURE_FN
 * (or of DECRYPT_MESSAGE_FN below) accepts forged or altered messages;
 * reject on anything other than SEC_E_OK.
 */
typedef SECURITY_STATUS(SEC_ENTRY* MAKE_SIGNATURE_FN)(PCtxtHandle phContext, ULONG fQOP,
                                                      PSecBufferDesc pMessage, ULONG MessageSeqNo);

typedef SECURITY_STATUS(SEC_ENTRY* VERIFY_SIGNATURE_FN)(PCtxtHandle phContext,
                                                        PSecBufferDesc pMessage, ULONG MessageSeqNo,
                                                        PULONG pfQOP);

typedef SECURITY_STATUS(SEC_ENTRY* FREE_CONTEXT_BUFFER_FN)(void* pvContextBuffer);

typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_A)(SEC_CHAR* pszPackageName,
                                                                     PSecPkgInfoA* ppPackageInfo);
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR* pszPackageName,
                                                                     PSecPkgInfoW* ppPackageInfo);

#ifdef UNICODE
#define QuerySecurityPackageInfo QuerySecurityPackageInfoW
#define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W
#else
#define QuerySecurityPackageInfo QuerySecurityPackageInfoA
#define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
#endif

/* NOTE(review): an exported (packed) context presumably contains session
 * secrets; treat pPackedContext as sensitive, and treat a packed context
 * handed to the import entry point as untrusted input. */
typedef SECURITY_STATUS(SEC_ENTRY* EXPORT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext, ULONG fFlags,
                                                               PSecBuffer pPackedContext,
                                                               HANDLE* pToken);

typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_A)(SEC_CHAR* pszPackage,
                                                                 PSecBuffer pPackedContext,
                                                                 HANDLE pToken,
                                                                 PCtxtHandle phContext);
typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* pszPackage,
                                                                 PSecBuffer pPackedContext,
                                                                 HANDLE pToken,
                                                                 PCtxtHandle phContext);

#ifdef UNICODE
#define ImportSecurityContext ImportSecurityContextW
#define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W
#else
#define ImportSecurityContext ImportSecurityContextA
#define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
#endif

/* fCredentialUse is UINT32 here but ULONG in the ACQUIRE_CREDENTIALS_HANDLE
 * types above. */
typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_A)(
    PCredHandle hCredentials, SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, UINT32 fCredentialUse,
    void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_W)(
    PCredHandle hCredentials, SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, UINT32 fCredentialUse,
    void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);

#ifdef UNICODE
#define AddCredentials AddCredentialsW
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
#else
#define AddCredentials AddCredentialsA
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
#endif

typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_CONTEXT_TOKEN_FN)(PCtxtHandle phContext,
                                                                    HANDLE* phToken);

typedef SECURITY_STATUS(SEC_ENTRY* ENCRYPT_MESSAGE_FN)(PCtxtHandle phContext, ULONG fQOP,
                                                       PSecBufferDesc pMessage, ULONG MessageSeqNo);

typedef SECURITY_STATUS(SEC_ENTRY* DECRYPT_MESSAGE_FN)(PCtxtHandle phContext,
                                                       PSecBufferDesc pMessage, ULONG MessageSeqNo,
                                                       PULONG pfQOP);

/* Unlike the query types, the setter takes an explicit cbBuffer. */
typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext,
                                                                ULONG ulAttribute, void* pBuffer,
                                                                ULONG cbBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext,
                                                                ULONG ulAttribute, void* pBuffer,
                                                                ULONG cbBuffer);

#ifdef UNICODE
#define SetContextAttributes SetContextAttributesW
#define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W
#else
#define SetContextAttributes SetContextAttributesA
#define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
#endif

/*
 * Interface versions; each comment names the last routine the version
 * includes. The function tables declared below end at SetContextAttributes,
 * i.e. the extent described for version 2; they have no slots for the
 * routines named by versions 3 and 4.
 * NOTE(review): confirm which dwVersion the providers actually report, so a
 * consumer never indexes past the end of this layout.
 */
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION \
    1 /* Interface has all routines through DecryptMessage */
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 \
    2 /* Interface has all routines through SetContextAttributes */
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 \
    3 /* Interface has all routines through SetCredentialsAttributes */
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 \
    4 /* Interface has all routines through ChangeAccountPassword */

/*
 * Dispatch tables of entry points, ANSI and wide. Both tables have the same
 * slot order, including the void* Reserved slots, and differ only in the
 * _A / _W types of the string-taking entries.
 * NOTE(review): a table is a set of indirect-call targets. Whether a
 * provider may leave a slot NULL is not visible here; callers should check a
 * slot before calling through it unless the implementation guarantees
 * otherwise.
 */
struct _SecurityFunctionTableA
{
    UINT32 dwVersion;
    ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
    QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
    ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
    FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
    void* Reserved2;
    INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
    ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
    COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
    DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
    APPLY_CONTROL_TOKEN_FN ApplyControlToken;
    QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
    IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
    REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
    MAKE_SIGNATURE_FN MakeSignature;
    VERIFY_SIGNATURE_FN VerifySignature;
    FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
    QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
    void* Reserved3;
    void* Reserved4;
    EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
    IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
    ADD_CREDENTIALS_FN_A AddCredentialsA;
    void* Reserved8;
    QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
    ENCRYPT_MESSAGE_FN EncryptMessage;
    DECRYPT_MESSAGE_FN DecryptMessage;
    SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
};
typedef struct _SecurityFunctionTableA SecurityFunctionTableA;
typedef SecurityFunctionTableA* PSecurityFunctionTableA;

struct _SecurityFunctionTableW
{
    UINT32 dwVersion;
    ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
    QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
    ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
    FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
    void* Reserved2;
    INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
    ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
    COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
    DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
    APPLY_CONTROL_TOKEN_FN ApplyControlToken;
    QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
    IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
    REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
    MAKE_SIGNATURE_FN MakeSignature;
    VERIFY_SIGNATURE_FN VerifySignature;
    FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
    QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
    void* Reserved3;
    void* Reserved4;
    EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
    IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
    ADD_CREDENTIALS_FN_W AddCredentialsW;
    void* Reserved8;
    QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
    ENCRYPT_MESSAGE_FN EncryptMessage;
    DECRYPT_MESSAGE_FN DecryptMessage;
    SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
};
typedef struct _SecurityFunctionTableW SecurityFunctionTableW;
typedef SecurityFunctionTableW* PSecurityFunctionTableW;

/* Types of the functions that return a pointer to a dispatch table. */
typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_A)(void);
typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_W)(void);

#ifdef UNICODE
#define InitSecurityInterface InitSecurityInterfaceW
#define SecurityFunctionTable SecurityFunctionTableW
#define PSecurityFunctionTable PSecurityFunctionTableW
#define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W
#else
#define InitSecurityInterface InitSecurityInterfaceA
#define SecurityFunctionTable SecurityFunctionTableA
#define PSecurityFunctionTable PSecurityFunctionTableA
#define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
#endif

/* Exported prototypes, given C linkage when compiled as C++. */
#ifdef __cplusplus
extern "C"
{
#endif

    /* Package Management */

    WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesA(ULONG* pcPackages,
                                                                   PSecPkgInfoA* ppPackageInfo);
    WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesW(ULONG* pcPackages,
                                                                   PSecPkgInfoW* ppPackageInfo);

    WINPR_API PSecurityFunctionTableA SEC_ENTRY InitSecurityInterfaceA(void);
    WINPR_API PSecurityFunctionTableW SEC_ENTRY InitSecurityInterfaceW(void);

    WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName,
                                                                  PSecPkgInfoA* ppPackageInfo);
    WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName,
                                                                  PSecPkgInfoW* ppPackageInfo);

    /* Credential Management */

    WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleA(
        SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
        void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
        PTimeStamp ptsExpiry);
    WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleW(
        SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
        void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
        PTimeStamp ptsExpiry);

    WINPR_API SECURITY_STATUS SEC_ENTRY ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags,
                                                              PSecBuffer pPackedContext,
                                                              HANDLE* pToken);
    WINPR_API SECURITY_STATUS SEC_ENTRY FreeCredentialsHandle(PCredHandle phCredential);

    WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextA(SEC_CHAR* pszPackage,
                                                               PSecBuffer pPackedContext,
                                                               HANDLE pToken,
                                                               PCtxtHandle phContext);
    WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextW(SEC_WCHAR* pszPackage,
                                                               PSecBuffer pPackedContext,
                                                               HANDLE pToken,
                                                               PCtxtHandle phContext);

    WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesA(PCredHandle phCredential,
                                                                    ULONG ulAttribute,
                                                                    void* pBuffer);
    WINPR_API SECURITY_STATUS SEC_ENTRY
QueryCredentialsAttributesW(PCredHandle phCredential, 1021 ULONG ulAttribute, 1022 void* pBuffer); 1023 1024 /* Context Management */ 1025 1026 WINPR_API SECURITY_STATUS SEC_ENTRY 1027 AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, 1028 ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, 1029 PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp); 1030 1031 WINPR_API SECURITY_STATUS SEC_ENTRY ApplyControlToken(PCtxtHandle phContext, 1032 PSecBufferDesc pInput); 1033 WINPR_API SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext, 1034 PSecBufferDesc pToken); 1035 WINPR_API SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext); 1036 WINPR_API SECURITY_STATUS SEC_ENTRY FreeContextBuffer(void* pvContextBuffer); 1037 WINPR_API SECURITY_STATUS SEC_ENTRY ImpersonateSecurityContext(PCtxtHandle phContext); 1038 1039 WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextA( 1040 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq, 1041 ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, 1042 PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, 1043 PTimeStamp ptsExpiry); 1044 WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextW( 1045 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, 1046 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, 1047 ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, 1048 PTimeStamp ptsExpiry); 1049 1050 WINPR_API SECURITY_STATUS SEC_ENTRY QueryContextAttributes(PCtxtHandle phContext, 1051 ULONG ulAttribute, void* pBuffer); 1052 WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityContextToken(PCtxtHandle phContext, 1053 HANDLE* phToken); 1054 WINPR_API SECURITY_STATUS SEC_ENTRY SetContextAttributes(PCtxtHandle phContext, 1055 ULONG ulAttribute, void* 
pBuffer, 1056 ULONG cbBuffer); 1057 WINPR_API SECURITY_STATUS SEC_ENTRY RevertSecurityContext(PCtxtHandle phContext); 1058 1059 /* Message Support */ 1060 1061 WINPR_API SECURITY_STATUS SEC_ENTRY DecryptMessage(PCtxtHandle phContext, 1062 PSecBufferDesc pMessage, ULONG MessageSeqNo, 1063 PULONG pfQOP); 1064 WINPR_API SECURITY_STATUS SEC_ENTRY EncryptMessage(PCtxtHandle phContext, ULONG fQOP, 1065 PSecBufferDesc pMessage, ULONG MessageSeqNo); 1066 WINPR_API SECURITY_STATUS SEC_ENTRY MakeSignature(PCtxtHandle phContext, ULONG fQOP, 1067 PSecBufferDesc pMessage, ULONG MessageSeqNo); 1068 WINPR_API SECURITY_STATUS SEC_ENTRY VerifySignature(PCtxtHandle phContext, 1069 PSecBufferDesc pMessage, ULONG MessageSeqNo, 1070 PULONG pfQOP); 1071 1072#ifdef __cplusplus 1073} 1074#endif 1075 1076#endif 1077 1078#ifdef __cplusplus 1079extern "C" 1080{ 1081#endif 1082 1083 /* Custom API */ 1084 1085#define SECPKG_ATTR_AUTH_IDENTITY 1001 1086#define SECPKG_ATTR_AUTH_PASSWORD 1002 1087#define SECPKG_ATTR_AUTH_NTLM_HASH 1003 1088#define SECPKG_ATTR_AUTH_NTLM_SAM_FILE 1004 1089#define SECPKG_ATTR_AUTH_NTLM_MESSAGE 1100 1090#define SECPKG_ATTR_AUTH_NTLM_TIMESTAMP 1101 1091#define SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE 1102 1092#define SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE 1103 1093#define SECPKG_ATTR_AUTH_NTLM_NTPROOF_VALUE 1104 1094#define SECPKG_ATTR_AUTH_NTLM_RANDKEY 1105 1095#define SECPKG_ATTR_AUTH_NTLM_MIC 1106 1096#define SECPKG_ATTR_AUTH_NTLM_MIC_VALUE 1107 1097#define SECPKG_ATTR_AUTH_NTLM_HASH_CB 1108 1098#define SECPKG_ATTR_AUTH_NTLM_HASH_CB_DATA 1109 1099 1100 struct _SecPkgContext_AuthIdentity 1101 { 1102 char User[256 + 1]; 1103 char Domain[256 + 1]; 1104 }; 1105 typedef struct _SecPkgContext_AuthIdentity SecPkgContext_AuthIdentity; 1106 1107 struct _SecPkgContext_AuthPassword 1108 { 1109 char Password[256 + 1]; 1110 }; 1111 typedef struct _SecPkgContext_AuthPassword SecPkgContext_AuthPassword; 1112 1113 struct _SecPkgContext_AuthNtlmHash 1114 { 1115 int Version; 1116 BYTE 
NtlmHash[16]; 1117 }; 1118 typedef struct _SecPkgContext_AuthNtlmHash SecPkgContext_AuthNtlmHash; 1119 1120 struct _SecPkgContext_AuthNtlmTimestamp 1121 { 1122 BYTE Timestamp[8]; 1123 BOOL ChallengeOrResponse; 1124 }; 1125 typedef struct _SecPkgContext_AuthNtlmTimestamp SecPkgContext_AuthNtlmTimestamp; 1126 1127 struct _SecPkgContext_AuthNtlmClientChallenge 1128 { 1129 BYTE ClientChallenge[8]; 1130 }; 1131 typedef struct _SecPkgContext_AuthNtlmClientChallenge SecPkgContext_AuthNtlmClientChallenge; 1132 1133 struct _SecPkgContext_AuthNtlmServerChallenge 1134 { 1135 BYTE ServerChallenge[8]; 1136 }; 1137 typedef struct _SecPkgContext_AuthNtlmServerChallenge SecPkgContext_AuthNtlmServerChallenge; 1138 1139 struct _SecPkgContext_AuthNtlmMessage 1140 { 1141 UINT32 type; 1142 UINT32 length; 1143 BYTE* buffer; 1144 }; 1145 typedef struct _SecPkgContext_AuthNtlmMessage SecPkgContext_AuthNtlmMessage; 1146 1147#define SSPI_INTERFACE_WINPR 0x00000001 1148#define SSPI_INTERFACE_NATIVE 0x00000002 1149 1150 typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_A)(DWORD flags); 1151 typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_W)(DWORD flags); 1152 1153 WINPR_API void sspi_GlobalInit(void); 1154 WINPR_API void sspi_GlobalFinish(void); 1155 1156 WINPR_API void* sspi_SecBufferAlloc(PSecBuffer SecBuffer, ULONG size); 1157 WINPR_API void sspi_SecBufferFree(PSecBuffer SecBuffer); 1158 1159 WINPR_API int sspi_SetAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, const char* user, 1160 const char* domain, const char* password); 1161 WINPR_API int sspi_SetAuthIdentityWithUnicodePassword(SEC_WINNT_AUTH_IDENTITY* identity, 1162 const char* user, const char* domain, 1163 LPWSTR password, ULONG passwordLength); 1164 WINPR_API int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, 1165 SEC_WINNT_AUTH_IDENTITY* srcIdentity); 1166 1167 WINPR_API const char* GetSecurityStatusString(SECURITY_STATUS status); 1168 1169 WINPR_API SecurityFunctionTableW* 
SEC_ENTRY InitSecurityInterfaceExW(DWORD flags); 1170 WINPR_API SecurityFunctionTableA* SEC_ENTRY InitSecurityInterfaceExA(DWORD flags); 1171 1172#ifdef UNICODE 1173#define InitSecurityInterfaceEx InitSecurityInterfaceExW 1174#define INIT_SECURITY_INTERFACE_EX INIT_SECURITY_INTERFACE_EX_W 1175#else 1176#define InitSecurityInterfaceEx InitSecurityInterfaceExA 1177#define INIT_SECURITY_INTERFACE_EX INIT_SECURITY_INTERFACE_EX_A 1178#endif 1179 1180#ifdef __cplusplus 1181} 1182#endif 1183 1184#endif /* WINPR_SSPI_H */