Leaked source code of windows server 2003

  1. /*++
  2. Copyright (c) 1996 Microsoft Corporation
  3. Module Name:
  4. spluginx.hxx
  5. Abstract:
  6. This file contains headers for the WININET
  7. HTTP Authentication Plug In Model.
  8. Contents:
  9. AuthenticateUser
  10. PreAuthenticateUser
  11. UnloadAuthenticateUser
  12. AuthenticateUserUI
  13. Author:
  14. Arthur Bierer (arthurbi) 04-Apr-1996
  15. Revision History:
  16. 04-Apr-1996 arthurbi
  17. Created
  18. --*/
  19. //
  20. // Macros and Defines for Authentication UI
  21. //
  22. #define MAX_FIELD_LENGTH MAX_PATH // takes its value from MAX_PATH; NOTE(review): presumably the size limit for the authentication UI text fields - confirm against the UI code
  23. typedef enum tagAuthType // kind of authentication; stored in InvalidPassType::eAuthType
  24. {
  25. REALM_AUTH = 0, // NOTE(review): presumably schemes that use an HTTP realm string (e.g. Basic) - confirm
  26. NTLM_AUTH = 1, // NTLM authentication
  27. } AuthType;
  28. typedef struct tagInvalidPassType // NOTE(review): presumably the data exchanged with the credential-prompt UI - confirm against callers
  29. {
  30. LPSTR lpszRealm; // realm string
  31. LPSTR lpszUsername; // user name string
  32. LPSTR lpszPassword; // password string; NOTE(review): this header does not say who owns the buffer or whether it is cleared after use - confirm in the code that fills it
  33. LPSTR lpszHost; // host name string
  34. ULONG ulMaxField; // NOTE(review): presumably the capacity of the string buffers above (cf. MAX_FIELD_LENGTH); anything writing into them should be bounded by it - confirm
  35. BOOL fIsProxy; // NOTE(review): presumably TRUE when the credentials are for a proxy (407) rather than a server (401) - confirm
  36. AuthType eAuthType; // REALM_AUTH or NTLM_AUTH
  37. } InvalidPassType;
  38. #ifdef __cplusplus
  39. extern "C" {
  40. #endif
  41. //
  42. // AuthenticateUser - Called on receipt of a 401 or 407 status code
  43. // from the Web Server. This function should attempt to
  44. // validate the Server's 401/407 response, and generate
  45. // ERROR_SUCCESS if it accepts this Server for authentication.
  46. // Otherwise this function should return an appropriate
  47. // error found in wininet.h, or winerror.h
  48. //
  49. // lppvContext - pointer to Context pointer that will be passed on
  50. // every unique conversation with the Server. Will be a pointer to
  51. // NULL the first time this function is called for a unique session.
  52. // It's the function's responsibility to allocate or generate a unique context
  53. // value that will be passed on future calls.
  54. //
  55. // lpszServerName - Host Name of Web server.
  56. // lpszScheme - Name of Authentication Scheme being used, e.g. Basic, NTLM.
  57. // dwFlags - Flags. NOTE(review): the prototype below declares no dwFlags parameter; this entry looks stale.
  58. // lpszUserName - Possible UserName if available.
  59. // lpszPassword - Possible Password if available.
  60. //
  61. // RETURNS:
  62. // ERROR_SUCCESS - Means it accepts this connection as valid, and
  63. // asks for the authentication to continue by restarting
  64. // the HTTP connection, and calling PreAuthenticateUser BEFORE
  65. // that new HTTP connection is opened.
  66. //
  67. // ERROR_WINHTTP_INCORRECT_PASSWORD - Means we do not understand this
  68. // username and/or password that is passed to us. Will
  69. // return to User or Application for new username and password.
  70. //
  71. // ERROR_WINHTTP_FORCE_RETRY - An additional 401/407 response may
  72. // need to be generated from the server. Forces PreAuthenticateUser
  73. // to be recalled, and new HTTP connection/request. The difference
  74. // is WININET will expect a 401/407 to be generated from this request.
  75. //
  76. #if defined(unix) && defined(__cplusplus)
  77. extern "C"
  78. #endif
  79. DWORD
  80. WINAPI
  81. AuthenticateUser(
  82. IN OUT LPVOID* lppvContext,
  83. IN LPSTR lpszServerName,
  84. IN LPSTR lpszScheme,
  85. IN BOOL fCanUseLogon, // not described above; NOTE(review): presumably the same meaning as in PreAuthenticateUser (whether zone policy allows NTLM to use the logon credential) - confirm
  86. IN LPSTR lpszParsedAuthHeader, // not described above; NOTE(review): presumably the parsed 401/407 challenge data - confirm
  87. IN DWORD dwcbParsedAuthHeader, // not described above; NOTE(review): presumably the byte count of lpszParsedAuthHeader, which implementations should treat as the read bound for that server-supplied data - confirm
  88. IN LPSTR lpszUserName,
  89. IN LPSTR lpszPassword,
  90. OUT SECURITY_STATUS *pssResult // not described above; NOTE(review): presumably receives the security package's status code - confirm
  91. );
  92. //
  93. // PreAuthenticateUser - Called BEFORE doing a GET or POST
  94. // to a Web Server. This function is called only if there
  95. // has been a previous connection with the server using the
  96. // passed in Scheme.
  97. //
  98. // This function will attempt to generate a proper set of
  99. // encoded bytes that can be sent to the server on an HTTP
  100. // header. If lpdwOutBufferLength is not large enough,
  101. // ERROR_INSUFFICIENT_BUFFER can be returned with the correct
  102. // size stored in lpdwOutBufferLength.
  103. //
  104. // lppvContext - pointer to Context pointer that will be passed on
  105. // every unique conversation with the Server.
  106. // lpszServerName - Host Name of Web server.
  107. // lpszScheme - Name of Authentication Scheme being used, e.g. Basic, NTLM.
  108. // fCanUseLogon - whether zone policy allows NTLM to use the logon credential
  109. // lpOutBuffer - Pointer to Buffer that will contain output encoded header bytes.
  110. // lpdwOutBufferLength - On entry, the size of the buffer above;
  111. // on return, the number of bytes actually stored.
  112. // lpszUserName - Possible UserName if available.
  113. // lpszPassword - Possible Password if available.
  114. //
  115. //
  116. #if defined(unix) && defined(__cplusplus)
  117. extern "C"
  118. #endif
  119. DWORD
  120. WINAPI
  121. PreAuthenticateUser(
  122. IN OUT LPVOID* lppvContext,
  123. IN LPSTR lpszServerName,
  124. IN LPSTR lpszScheme,
  125. IN BOOL fCanUseLogon,
  126. IN DWORD dwFlags, // not described above; NOTE(review): accepted flag values are not defined in this header - confirm
  127. OUT LPSTR lpOutBuffer, // caller-supplied; its size arrives in *lpdwOutBufferLength, so writes must stay within that bound
  128. IN OUT LPDWORD lpdwOutBufferLength,
  129. IN LPSTR lpszUserName,
  130. IN LPSTR lpszPassword,
  131. OUT SECURITY_STATUS *pssResult // not described above; NOTE(review): presumably receives the security package's status code - confirm
  132. );
  133. //
  134. // UnloadAuthenticateUser - Called after HTTP authentication
  135. // has been completed, and the authentication process is
  136. // no longer needed.
  137. //
  138. // It's intended for cleanup of context memory that was allocated.
  139. // NOTE: For certain schemes these context values may live
  140. // until shutdown.
  141. //
  142. #if defined(unix) && defined(__cplusplus)
  143. extern "C"
  144. #endif
  145. VOID
  146. WINAPI
  147. UnloadAuthenticateUser(
  148. IN OUT LPVOID* lppvContext, // NOTE(review): presumably the context pointer that AuthenticateUser allocated; whether it is reset to NULL after cleanup is not stated here - confirm
  149. IN LPSTR lpszScheme, // authentication scheme name
  150. IN LPSTR lpszHost // host name
  151. );
  152. #if defined(unix) && defined(__cplusplus)
  153. extern "C" // NOTE(review): no declaration follows this linkage specifier before the closing brace below, so a build with unix and __cplusplus defined would see a dangling extern "C"; looks like a leftover from a removed prototype (the file header lists AuthenticateUserUI, which is not declared in the visible part of this file) - confirm
  154. #endif
  155. #ifdef __cplusplus
  156. } // end extern "C"
  157. #endif
  158. //
  159. // Registry Flags Used for Defining what kind of authentication a
  160. // plugin may support. Each flag is a distinct bit; they are set in the plug-in's Flags registry value.
  161. //
  162. //
  163. // Each TCP/IP Socket will contain a different Context.
  164. // Otherwise a new context will be passed for each Realm
  165. // or block URL template (http://www.foo.com/directory/*).
  166. //
  167. #define PLUGIN_AUTH_FLAGS_UNIQUE_CONTEXT_PER_TCPIP 0x01
  168. //
  169. // This PlugIn can handle doing its own UI. So call it
  170. // when UI is needed.
  171. //
  172. #define PLUGIN_AUTH_FLAGS_CAN_HANDLE_UI 0x02
  173. //
  174. // This PlugIn may be capable of doing an Authentication
  175. // without prompting the User for a Password. If this
  176. // is not the case AuthenticateUser should return
  177. // ERROR_WINHTTP_INCORRECT_PASSWORD.
  178. //
  179. #define PLUGIN_AUTH_FLAGS_CAN_HANDLE_NO_PASSWD 0x04
  180. //
  181. // This PlugIn does not use a standard HTTP Realm
  182. // string. Any data that appears to be a realm
  183. // is scheme specific data.
  184. //
  185. #define PLUGIN_AUTH_FLAGS_NO_REALM 0x08
  186. //
  187. // This PlugIn doesn't need a persistent connection for challenge-response.
  188. //
  189. #define PLUGIN_AUTH_FLAGS_KEEP_ALIVE_NOT_REQUIRED 0x10
  190. //
  191. // Registry Values
  192. // To Register a Security PlugIn called FOO, place a key in
  193. // HKLM\Software\Microsoft\Internet Explorer\Security\FOO
  194. // In Foo Create the following values:
  195. // Flags 0x00000000 ( see above for Registry Flags )
  196. //