archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/com/rpc/runtime/mtrt/secclnt.hxx

553 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (C) Microsoft Corporation, 1991 - 1999
  5. Module Name:
  7. secclnt.hxx
  9. Abstract:
  11. This file contains an abstraction to the security support for clients
  12. and that which is common to both servers and clients.
  14. Author:
  16. Michael Montague (mikemon) 10-Apr-1992
  18. Revision History:
  20. --*/
  22. #ifndef __SECCLNT_HXX__
  23. #define __SECCLNT_HXX__
  25. typedef SecBufferDesc SECURITY_BUFFER_DESCRIPTOR;
  26. typedef SecBuffer SECURITY_BUFFER;
  28. #define MAXIMUM_SECURITY_BLOCK_SIZE 16
  30. enum PACKAGE_LEG_COUNT
  31. {
  32. LegsUnknown,
  33. ThreeLegs,
  34. EvenNumberOfLegs
  35. };
  37. typedef struct
  38. {
  39. #ifdef UNICODE
  40. SecPkgInfoW PackageInfo;
  41. #else
  42. SecPkgInfoA PackageInfo;
  43. #endif
  44. SECURITY_CREDENTIALS *ServerSecurityCredentials;
  45. PACKAGE_LEG_COUNT LegCount;
  46. } SECURITY_PACKAGE_INFO;
  48. typedef struct
  49. {
  50. unsigned long Count;
  51. SECURITY_PACKAGE_INFO * SecurityPackages;
  52. PSecurityFunctionTable RpcSecurityInterface;
  53. void * ProviderDll;
  54. RPC_CHAR *ProviderDllName;
  55. } SECURITY_PROVIDER_INFO;
  57. extern SECURITY_PROVIDER_INFO PAPI * ProviderList;
  58. extern unsigned long NumberOfProviders;
  59. extern unsigned long LoadedProviders;
  60. extern unsigned long AvailableProviders;
  63. extern int SecuritySupportLoaded;
  64. extern int FailedToLoad;
  65. extern PSecurityFunctionTable RpcSecurityInterface;
  66. extern SecPkgInfo PAPI * SecurityPackages;
  67. extern unsigned long NumberOfSecurityPackages;
  68. extern MUTEX * SecurityCritSect;
  70. extern RPC_STATUS
  71. InsureSecuritySupportLoaded (
  72. );
  74. extern RPC_STATUS
  75. IsAuthenticationServiceSupported (
  76. IN unsigned long AuthenticationService
  77. );
  79. extern RPC_STATUS
  80. FindServerCredentials (
  81. IN RPC_AUTH_KEY_RETRIEVAL_FN GetKeyFn,
  82. IN void __RPC_FAR * Arg,
  83. IN unsigned long AuthenticationService,
  84. IN unsigned long AuthenticationLevel,
  85. IN RPC_CHAR __RPC_FAR * Principal,
  86. IN OUT SECURITY_CREDENTIALS ** SecurityCredentials
  87. );
  89. extern RPC_STATUS
  90. RemoveCredentialsFromCache (
  91. IN unsigned long AuthenticationService
  92. );
  94. extern PACKAGE_LEG_COUNT
  95. GetPackageLegCount(
  96. DWORD id
  97. );
  99. extern BOOL
  100. ReadPackageLegInfo();
  102. extern DWORD * FourLeggedPackages;
  106. class SECURITY_CREDENTIALS
  107. /*++
  109. Class Description:
  111. This class is an abstraction of the credential handle provided by
  112. the Security APIs.
  114. Fields:
  116. PackageIndex - Contains the index for this package in the array of
  117. packages pointed to by SecurityPackages.
  119. Credentials - Contains the credential handle used by the security
  120. package.
  122. --*/
  123. {
  125. friend RPC_STATUS
  126. FindServerCredentials (
  127. IN RPC_AUTH_KEY_RETRIEVAL_FN GetKeyFn,
  128. IN void __RPC_FAR * Arg,
  129. IN unsigned long AuthenticationService,
  130. IN unsigned long AuthenticationLevel,
  131. IN RPC_CHAR __RPC_FAR * Principal,
  132. IN OUT SECURITY_CREDENTIALS ** SecurityCredentials
  133. );
  136. public:
  138. unsigned AuthenticationService;
  140. private:
  142. BOOL Valid;
  143. unsigned int ProviderIndex;
  144. unsigned int PackageIndex;
  145. CredHandle CredentialsHandle;
  146. unsigned int ReferenceCount;
  147. MUTEX CredentialsMutex;
  149. SEC_CHAR __SEC_FAR * DefaultPrincName;
  151. public:
  153. SECURITY_CREDENTIALS (
  154. IN OUT RPC_STATUS PAPI * Status
  155. );
  157. ~SECURITY_CREDENTIALS ();
  159. RPC_STATUS
  160. AcquireCredentialsForServer (
  161. IN RPC_AUTH_KEY_RETRIEVAL_FN GetKeyFn,
  162. IN void __RPC_FAR * Arg,
  163. IN unsigned long AuthenticationService,
  164. IN unsigned long AuthenticationLevel,
  165. IN RPC_CHAR __RPC_FAR * Principal
  166. );
  168. RPC_STATUS
  169. AcquireCredentialsForClient (
  170. IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity,
  171. IN unsigned long AuthenticationService,
  172. IN unsigned long AuthenticationLevel
  173. );
  176. RPC_STATUS
  177. InquireDefaultPrincName (
  178. OUT SEC_CHAR __SEC_FAR **MyDefaultPrincName
  179. );
  181. void
  182. FreeCredentials (
  183. );
  185. unsigned int
  186. MaximumTokenLength (
  187. );
  189. PCredHandle
  190. InquireCredHandle (
  191. );
  193. void
  194. ReferenceCredentials(
  195. void
  196. );
  198. void
  199. DereferenceCredentials(
  200. void
  201. );
  203. PSecurityFunctionTable
  204. InquireProviderFunctionTable (
  205. );
  207. int
  208. CompareCredentials(
  209. SECURITY_CREDENTIALS PAPI * Creds
  210. );
  212. };
  215. inline
  216. int
  217. SECURITY_CREDENTIALS::CompareCredentials(
  218. SECURITY_CREDENTIALS PAPI * Creds
  219. )
  220. {
  221. CredHandle * Cookie = Creds->InquireCredHandle();
  223. if ( (CredentialsHandle.dwLower == Cookie->dwLower)
  224. &&(CredentialsHandle.dwUpper == Cookie->dwUpper) )
  225. {
  226. return 0;
  227. }
  228. return 1;
  229. }
  232. inline unsigned int
  233. SECURITY_CREDENTIALS::MaximumTokenLength (
  234. )
  235. /*++
  237. Return Value:
  239. The maximum size, in bytes, of the tokens passed around at security
  240. context initialization time.
  242. --*/
  243. {
  244. return(ProviderList[ProviderIndex].SecurityPackages[PackageIndex].PackageInfo.cbMaxToken);
  245. }
  248. inline PSecurityFunctionTable
  249. SECURITY_CREDENTIALS::InquireProviderFunctionTable(
  250. )
  251. /*++
  253. Return Value:
  255. --*/
  256. {
  257. return(ProviderList[ProviderIndex].RpcSecurityInterface);
  258. }
  262. inline PCredHandle
  263. SECURITY_CREDENTIALS::InquireCredHandle (
  264. )
  265. /*++
  267. Return Value:
  269. The credential handle for this object will be returned.
  271. --*/
  272. {
  273. return(&CredentialsHandle);
  274. }
  277. class SECURITY_CONTEXT : public CLIENT_AUTH_INFO
  279. /*++
  281. Class Description:
  283. This is an abstraction of a security context. It allows you to use
  284. it to generate signatures and then verify them, as well as, sealing
  285. and unsealing messages.
  287. Fields:
  289. DontForgetToDelete - Contains a flag indicating whether or not there
  290. is a valid security context which needs to be deleted. A value
  291. of non-zero indicates there is a valid security context.
  293. SecurityContext - Contains a handle to the security context maintained
  294. by the security package on our behalf.
  296. MaxHeaderLength - Contains the maximum size of a header for this
  297. security context.
  299. MaxSignatureLength - Contains the maximum size of a signature for
  300. this security context.
  302. --*/
  303. {
  304. public:
  306. unsigned AuthContextId;
  307. unsigned Flags;
  308. unsigned long ContextAttributes;
  309. PACKAGE_LEG_COUNT Legs;
  311. SECURITY_CONTEXT (
  312. CLIENT_AUTH_INFO *myAuthInfo,
  313. unsigned myAuthContextId,
  314. BOOL fUseDatagram,
  315. RPC_STATUS __RPC_FAR * pStatus
  316. );
  318. inline ~SECURITY_CONTEXT (
  319. void
  320. )
  321. {
  322. DeleteSecurityContext();
  323. }
  325. RPC_STATUS
  326. SetMaximumLengths (
  327. );
  329. unsigned int
  330. MaximumHeaderLength (
  331. );
  333. unsigned int
  334. MaximumSignatureLength (
  335. );
  337. unsigned int
  338. BlockSize (
  339. );
  341. RPC_STATUS
  342. CompleteSecurityToken (
  343. IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
  344. );
  346. RPC_STATUS
  347. SignOrSeal (
  348. IN unsigned long Sequence,
  349. IN unsigned int SignNotSealFlag,
  350. IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
  351. );
  353. RPC_STATUS
  354. VerifyOrUnseal (
  355. IN unsigned long Sequence,
  356. IN unsigned int VerifyNotUnsealFlag,
  357. IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
  358. );
  360. BOOL
  361. FullyConstructed()
  362. {
  363. return fFullyConstructed;
  364. }
  366. // client-side calls
  368. RPC_STATUS
  369. InitializeFirstTime(
  370. IN SECURITY_CREDENTIALS * Credentials,
  371. IN RPC_CHAR * ServerPrincipal,
  372. IN unsigned long AuthenticationLevel,
  373. IN OUT SECURITY_BUFFER_DESCRIPTOR * BufferDescriptor,
  374. IN OUT unsigned char *NewAuthType = NULL
  375. );
  377. RPC_STATUS
  378. InitializeThirdLeg(
  379. IN SECURITY_CREDENTIALS * Credentials,
  380. IN unsigned long DataRep,
  381. IN SECURITY_BUFFER_DESCRIPTOR * In,
  382. IN OUT SECURITY_BUFFER_DESCRIPTOR * Out
  383. );
  385. RPC_STATUS
  386. GetWireIdForSnego(
  387. OUT unsigned char *WireId
  388. );
  390. RPC_STATUS
  391. InqMarshalledTargetInfo (
  392. OUT unsigned long *MarshalledTargetInfoLength,
  393. OUT unsigned char **MarshalledTargetInfo
  394. );
  396. // server-side calls
  398. void
  399. DeletePac (
  400. void PAPI * Pac
  401. );
  403. RPC_STATUS
  404. AcceptFirstTime (
  405. IN SECURITY_CREDENTIALS * Credentials,
  406. IN SECURITY_BUFFER_DESCRIPTOR PAPI * InputBufferDescriptor,
  407. IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * OutputBufferDescriptor,
  408. IN unsigned long AuthenticationLevel,
  409. IN unsigned long DataRepresentation,
  410. IN unsigned long NewContextNeededFlag
  411. );
  413. RPC_STATUS
  414. AcceptThirdLeg (
  415. IN unsigned long DataRepresentation,
  416. IN SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor,
  417. OUT SECURITY_BUFFER_DESCRIPTOR PAPI * OutBufferDescriptor
  418. );
  420. unsigned long
  421. InquireAuthorizationService (
  422. );
  424. RPC_AUTHZ_HANDLE
  425. InquirePrivileges (
  426. );
  428. RPC_STATUS
  429. ImpersonateClient (
  430. );
  432. void
  433. RevertToSelf (
  434. );
  436. RPC_STATUS
  437. GetAccessToken (
  438. OUT HANDLE *ImpersonationToken,
  439. OUT BOOL *fNeedToCloseToken
  440. );
  442. inline AUTHZ_CLIENT_CONTEXT_HANDLE
  443. GetAuthzContext (
  444. void
  445. )
  446. {
  447. return AuthzClientContext;
  448. }
  450. inline PAUTHZ_CLIENT_CONTEXT_HANDLE
  451. GetAuthzContextAddress (
  452. void
  453. )
  454. {
  455. return &AuthzClientContext;
  456. }
  458. RPC_STATUS
  459. GetDceInfo (
  460. RPC_AUTHZ_HANDLE __RPC_FAR * PacHandle,
  461. unsigned long __RPC_FAR * AuthzSvc
  462. );
  464. void
  465. DeleteSecurityContext (
  466. void
  467. );
  469. RPC_STATUS
  470. CheckForFailedThirdLeg (
  471. void
  472. );
  474. protected:
  476. unsigned char fFullyConstructed;
  477. unsigned char DontForgetToDelete;
  478. unsigned char fDatagram;
  480. CtxtHandle SecurityContext;
  482. unsigned int MaxHeaderLength;
  483. unsigned int MaxSignatureLength;
  484. unsigned int cbBlockSize;
  486. PSecurityFunctionTable RpcSecurityInterface;
  487. int FailedContext;
  488. ExtendedErrorInfo *FailedContextEEInfo;
  490. AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext;
  492. DWORD VerifyCertificate();
  494. public:
  495. CtxtHandle *
  496. InqSecurityContext ()
  497. {
  498. return &SecurityContext;
  499. }
  500. };
  502. typedef SECURITY_CONTEXT * PSECURITY_CONTEXT;
  505. inline unsigned int
  506. SECURITY_CONTEXT::MaximumHeaderLength (
  507. )
  508. /*++
  510. Return Value:
  512. The maximum size of the header used by SECURITY_CONTEXT::SealMessage
  513. will be returned. This is in bytes.
  515. --*/
  516. {
  517. return(MaxHeaderLength);
  518. }
  521. inline unsigned int
  522. SECURITY_CONTEXT::BlockSize (
  523. )
  524. /*++
  526. Return Value:
  528. For best effect, buffers to be signed or sealed should be a multiple
  529. of this length.
  531. --*/
  532. {
  533. return(cbBlockSize);
  534. }
  537. inline unsigned int
  538. SECURITY_CONTEXT::MaximumSignatureLength (
  539. )
  540. /*++
  542. Return Value:
  544. The maximum size, in bytes, of the signature used by
  545. SECURITY_CONTEXT::MakeSignature will be returned.
  547. --*/
  548. {
  549. return(MaxSignatureLength);
  550. }
  552. #endif // __SECCLNT_HXX__