270 lines
11 KiB
C
270 lines
11 KiB
C
/*
|
|
* secur32 private definitions.
|
|
*
|
|
* Copyright (C) 2004 Juan Lang
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
|
|
*/
|
|
|
|
#ifndef __SECUR32_PRIV_H__
|
|
#define __SECUR32_PRIV_H__
|
|
|
|
#include <sys/types.h>
|
|
#include <limits.h>
|
|
#include "wine/list.h"
|
|
#include "schannel.h"
|
|
|
|
typedef struct _SecureProvider
|
|
{
|
|
struct list entry;
|
|
BOOL loaded;
|
|
PWSTR moduleName;
|
|
HMODULE lib;
|
|
SecurityFunctionTableA fnTableA;
|
|
SecurityFunctionTableW fnTableW;
|
|
} SecureProvider;
|
|
|
|
typedef struct _SecurePackage
|
|
{
|
|
struct list entry;
|
|
SecPkgInfoW infoW;
|
|
SecureProvider *provider;
|
|
} SecurePackage;
|
|
|
|
typedef enum _helper_mode {
|
|
NTLM_SERVER,
|
|
NTLM_CLIENT,
|
|
NUM_HELPER_MODES
|
|
} HelperMode;
|
|
|
|
typedef struct tag_arc4_info {
|
|
unsigned char x, y;
|
|
unsigned char state[256];
|
|
} arc4_info;
|
|
|
|
typedef struct _NegoHelper {
|
|
pid_t helper_pid;
|
|
HelperMode mode;
|
|
int pipe_in;
|
|
int pipe_out;
|
|
int major;
|
|
int minor;
|
|
int micro;
|
|
char *com_buf;
|
|
int com_buf_size;
|
|
int com_buf_offset;
|
|
BYTE *session_key;
|
|
ULONG neg_flags;
|
|
struct {
|
|
struct {
|
|
ULONG seq_num;
|
|
arc4_info *a4i;
|
|
} ntlm;
|
|
struct {
|
|
BYTE *send_sign_key;
|
|
BYTE *send_seal_key;
|
|
BYTE *recv_sign_key;
|
|
BYTE *recv_seal_key;
|
|
ULONG send_seq_no;
|
|
ULONG recv_seq_no;
|
|
arc4_info *send_a4i;
|
|
arc4_info *recv_a4i;
|
|
} ntlm2;
|
|
} crypt;
|
|
} NegoHelper, *PNegoHelper;
|
|
|
|
typedef struct _NtlmCredentials
|
|
{
|
|
HelperMode mode;
|
|
|
|
/* these are all in the Unix codepage */
|
|
char *username_arg;
|
|
char *domain_arg;
|
|
char *password; /* not nul-terminated */
|
|
int pwlen;
|
|
int no_cached_credentials; /* don't try to use cached Samba credentials */
|
|
} NtlmCredentials, *PNtlmCredentials;
|
|
|
|
typedef enum _sign_direction {
|
|
NTLM_SEND,
|
|
NTLM_RECV
|
|
} SignDirection;
|
|
|
|
/* Allocates space for and initializes a new provider. If fnTableA or fnTableW
|
|
* is non-NULL, assumes the provider is built-in, and if moduleName is non-NULL,
|
|
* means must load the LSA/user mode functions tables from external SSP/AP module.
|
|
* Otherwise moduleName must not be NULL.
|
|
* Returns a pointer to the stored provider entry, for use adding packages.
|
|
*/
|
|
SecureProvider *SECUR32_addProvider(const SecurityFunctionTableA *fnTableA,
|
|
const SecurityFunctionTableW *fnTableW, PCWSTR moduleName) DECLSPEC_HIDDEN;
|
|
|
|
/* Allocates space for and adds toAdd packages with the given provider.
|
|
* provider must not be NULL, and either infoA or infoW may be NULL, but not
|
|
* both.
|
|
*/
|
|
void SECUR32_addPackages(SecureProvider *provider, ULONG toAdd,
|
|
const SecPkgInfoA *infoA, const SecPkgInfoW *infoW) DECLSPEC_HIDDEN;
|
|
|
|
/* Tries to find the package named packageName. If it finds it, implicitly
|
|
* loads the package if it isn't already loaded.
|
|
*/
|
|
SecurePackage *SECUR32_findPackageW(PCWSTR packageName) DECLSPEC_HIDDEN;
|
|
|
|
/* Tries to find the package named packageName. (Thunks to _findPackageW)
|
|
*/
|
|
SecurePackage *SECUR32_findPackageA(PCSTR packageName) DECLSPEC_HIDDEN;
|
|
|
|
/* A few string helpers; will return NULL if str is NULL. Free return with
|
|
* HeapFree */
|
|
PWSTR SECUR32_AllocWideFromMultiByte(PCSTR str) DECLSPEC_HIDDEN;
|
|
PSTR SECUR32_AllocMultiByteFromWide(PCWSTR str) DECLSPEC_HIDDEN;
|
|
|
|
/* Initialization functions for built-in providers */
|
|
void SECUR32_initSchannelSP(void) DECLSPEC_HIDDEN;
|
|
void SECUR32_initNegotiateSP(void) DECLSPEC_HIDDEN;
|
|
void SECUR32_initNTLMSP(void) DECLSPEC_HIDDEN;
|
|
|
|
/* Cleanup functions for built-in providers */
|
|
void SECUR32_deinitSchannelSP(void) DECLSPEC_HIDDEN;
|
|
|
|
/* Functions from dispatcher.c used elsewhere in the code */
|
|
SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
|
|
char * const argv[]) DECLSPEC_HIDDEN;
|
|
|
|
SECURITY_STATUS run_helper(PNegoHelper helper, char *buffer,
|
|
unsigned int max_buflen, int *buflen) DECLSPEC_HIDDEN;
|
|
|
|
void cleanup_helper(PNegoHelper helper) DECLSPEC_HIDDEN;
|
|
|
|
void check_version(PNegoHelper helper) DECLSPEC_HIDDEN;
|
|
|
|
/* Functions from base64_codec.c used elsewhere */
|
|
SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char* out_buf,
|
|
int max_len, int *out_len) DECLSPEC_HIDDEN;
|
|
|
|
SECURITY_STATUS decodeBase64(char *in_buf, int in_len, BYTE *out_buf,
|
|
int max_len, int *out_len) DECLSPEC_HIDDEN;
|
|
|
|
/* Functions from util.c */
|
|
ULONG ComputeCrc32(const BYTE *pData, INT iLen, ULONG initial_crc) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SECUR32_CreateNTLM1SessionKey(PBYTE password, int len, PBYTE session_key) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SECUR32_CreateNTLM2SubKeys(PNegoHelper helper) DECLSPEC_HIDDEN;
|
|
arc4_info *SECUR32_arc4Alloc(void) DECLSPEC_HIDDEN;
|
|
void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen) DECLSPEC_HIDDEN;
|
|
void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length) DECLSPEC_HIDDEN;
|
|
void SECUR32_arc4Cleanup(arc4_info *a4i) DECLSPEC_HIDDEN;
|
|
|
|
/* NTLMSSP flags indicating the negotiated features */
|
|
#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001
|
|
#define NTLMSSP_NEGOTIATE_OEM 0x00000002
|
|
#define NTLMSSP_REQUEST_TARGET 0x00000004
|
|
#define NTLMSSP_NEGOTIATE_SIGN 0x00000010
|
|
#define NTLMSSP_NEGOTIATE_SEAL 0x00000020
|
|
#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE 0x00000040
|
|
#define NTLMSSP_NEGOTIATE_LM_SESSION_KEY 0x00000080
|
|
#define NTLMSSP_NEGOTIATE_NTLM 0x00000200
|
|
#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000
|
|
#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
|
|
#define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x00004000
|
|
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000
|
|
#define NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN 0x00010000
|
|
#define NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER 0x00020000
|
|
#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000
|
|
#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000
|
|
#define NTLMSSP_NEGOTIATE_128 0x20000000
|
|
#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE 0x40000000
|
|
#define NTLMSSP_NEGOTIATE_56 0x80000000
|
|
|
|
SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(SEC_WCHAR *, SEC_WCHAR *,
|
|
ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(PCredHandle, PCtxtHandle,
|
|
SEC_WCHAR *, ULONG fContextReq, ULONG, ULONG, PSecBufferDesc, ULONG, PCtxtHandle,
|
|
PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle, PCtxtHandle, PSecBufferDesc,
|
|
ULONG, ULONG, PCtxtHandle, PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(PCredHandle) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN;
|
|
SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN;
|
|
|
|
SecPkgInfoW *ntlm_package_infoW;
|
|
SecPkgInfoA *ntlm_package_infoA;
|
|
|
|
/* schannel internal interface */
|
|
typedef struct schan_imp_session_opaque *schan_imp_session;
|
|
|
|
typedef struct schan_credentials
|
|
{
|
|
ULONG credential_use;
|
|
void *credentials;
|
|
DWORD enabled_protocols;
|
|
} schan_credentials;
|
|
|
|
struct schan_transport;
|
|
|
|
struct schan_buffers
|
|
{
|
|
SIZE_T offset;
|
|
SIZE_T limit;
|
|
const SecBufferDesc *desc;
|
|
int current_buffer_idx;
|
|
BOOL allow_buffer_resize;
|
|
int (*get_next_buffer)(const struct schan_transport *, struct schan_buffers *);
|
|
};
|
|
|
|
struct schan_transport
|
|
{
|
|
struct schan_context *ctx;
|
|
struct schan_buffers in;
|
|
struct schan_buffers out;
|
|
};
|
|
|
|
char *schan_get_buffer(const struct schan_transport *t, struct schan_buffers *s, SIZE_T *count) DECLSPEC_HIDDEN;
|
|
extern int schan_pull(struct schan_transport *t, void *buff, size_t *buff_len) DECLSPEC_HIDDEN;
|
|
extern int schan_push(struct schan_transport *t, const void *buff, size_t *buff_len) DECLSPEC_HIDDEN;
|
|
|
|
extern schan_imp_session schan_session_for_transport(struct schan_transport* t) DECLSPEC_HIDDEN;
|
|
|
|
/* schannel implementation interface */
|
|
extern BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred) DECLSPEC_HIDDEN;
|
|
extern void schan_imp_dispose_session(schan_imp_session session) DECLSPEC_HIDDEN;
|
|
extern void schan_imp_set_session_transport(schan_imp_session session,
|
|
struct schan_transport *t) DECLSPEC_HIDDEN;
|
|
extern void schan_imp_set_session_target(schan_imp_session session, const char *target) DECLSPEC_HIDDEN;
|
|
extern SECURITY_STATUS schan_imp_handshake(schan_imp_session session) DECLSPEC_HIDDEN;
|
|
extern unsigned int schan_imp_get_session_cipher_block_size(schan_imp_session session) DECLSPEC_HIDDEN;
|
|
extern unsigned int schan_imp_get_max_message_size(schan_imp_session session) DECLSPEC_HIDDEN;
|
|
extern SECURITY_STATUS schan_imp_get_connection_info(schan_imp_session session,
|
|
SecPkgContext_ConnectionInfo *info) DECLSPEC_HIDDEN;
|
|
extern SECURITY_STATUS schan_imp_get_session_peer_certificate(schan_imp_session session, HCERTSTORE,
|
|
PCCERT_CONTEXT *cert) DECLSPEC_HIDDEN;
|
|
extern SECURITY_STATUS schan_imp_send(schan_imp_session session, const void *buffer,
|
|
SIZE_T *length) DECLSPEC_HIDDEN;
|
|
extern SECURITY_STATUS schan_imp_recv(schan_imp_session session, void *buffer,
|
|
SIZE_T *length) DECLSPEC_HIDDEN;
|
|
extern BOOL schan_imp_allocate_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
|
|
extern void schan_imp_free_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
|
|
extern DWORD schan_imp_enabled_protocols(void) DECLSPEC_HIDDEN;
|
|
extern BOOL schan_imp_init(void) DECLSPEC_HIDDEN;
|
|
extern void schan_imp_deinit(void) DECLSPEC_HIDDEN;
|
|
|
|
|
|
#endif /* ndef __SECUR32_PRIV_H__ */
|