Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

283 lines
8.2 KiB

/*++
Copyright (c) 1996 Microsoft Corporation
Module Name:
spluginx.hxx
Abstract:
This file contains headers for the WININET
HTTP Authentication Plug In Model.
Contents:
AuthenticateUser
PreAuthenticateUser
UnloadAuthenticateUser
AuthenticateUserUI
Author:
Arthur Bierer (arthurbi) 04-Apr-1996
Revision History:
04-Apr-1996 arthurbi
Created
--*/
//
// Macros and Defines for Authentication UI
//
#define MAX_FIELD_LENGTH MAX_PATH
typedef enum tagAuthType
{
REALM_AUTH = 0,
NTLM_AUTH = 1,
PASSPORT_AUTH = 2
} AuthType;
typedef struct tagInvalidPassType
{
LPSTR lpszRealm;
LPSTR lpszUsername;
LPSTR lpszPassword;
LPSTR lpszHost;
ULONG ulMaxField;
BOOL fIsProxy;
AuthType eAuthType;
} InvalidPassType;
#ifdef __cplusplus
extern "C" {
#endif
//
// AuthenticateUser - Called on recept of a 401 or 407 status code
// from the Web Server. This function should attempt to
// validate the Server's 401/407 response, and generate
// ERROR_SUCCESS if it accepts this Server for authentication
// Otherwise this function should returns an appropriate
// error found in wininet.h, or winerror.h
//
// lppvContext - pointer to Context pointer that will be passed on
// every unquie conversation with the Server. Will be a pointer to a
// NULL the first time this function is called for a unquie session.
// Its the Function's responsiblity to allocate or generate a unquie context
// value that will be passed on future calls.
//
// lpszServerName - Host Name of Web server.
// lpszScheme - Name of Authentication Scheme being used, ie Basic, MSN, NTLM..
// dwFlags - Flags.
// lpszUserName - Possible UserName if availble.
// lpszPassword - Possible Password if availble.
//
// RETURNS:
// ERROR_SUCCESS - Means it accepts this connection as valid, and
// asks for the authentication to continue by restarting
// the HTTP connection, and calling PreAuthenticateUser BEFORE
// that new HTTP connection is opened.
//
// ERROR_INTERNET_INCORRECT_PASSWORD - Means we do not understand this
// username and/or password that is passed to us. Will
// return to User or Application for new username and password.
//
// ERROR_INTERNET_FORCE_RETRY - An additional 401/407 response may
// need to be generated from the server. Forces PreAuthenticateUser
// to be recalled, and new HTTP connection/request. The difference
// is WININET will expect a 401/407 to be generated from this request.
//
#if defined(unix) && defined(__cplusplus)
extern "C"
#endif
DWORD
WINAPI
AuthenticateUser(
IN OUT LPVOID* lppvContext,
IN LPSTR lpszServerName,
IN LPSTR lpszScheme,
IN BOOL fCanUseLogon,
IN LPSTR lpszParsedAuthHeader,
IN DWORD dwcbParsedAuthHeader,
IN LPSTR lpszUserName,
IN LPSTR lpszPassword,
IN PCSTR lpszUrl,
OUT SECURITY_STATUS *pssResult
);
//
// PreAuthenticateUser - Called on BEFORE doing a GET or POST
// to a Web Server. This function is called only if there
// has been a previous connection with the server using the
// passed in Scheme.
//
// This function will attempt to Generate a proper set of
// encoded bytes that can be sent to the server on a HTTP
// header. If lpdwOutBufferLength is not large enough
// ERROR_INSUFFICENT_BUFFER can be returned with the correct
// size stored in lpdwOutBufferLength.
//
// lppvContext - pointer to Context pointer that will be passed on
// every unquie conversation with the Server.
// lpszServerName - Host Name of Web server.
// lpszScheme - Name of Authentication Scheme being used, ie Basic, MSN, NTLM..
// fCanUseLogon - whether zone policy allows ntlm to use logon credential
// lpOutBuffer - Pointer to Buffer that will contain output encoded header bytes.
// lpdwOutBufferLength - Size of Buffer Above, will contain size of buffer above,
// on return will contain bytes actually stored.
// lpszUserName - Possible UserName if availble.
// lpszPassword - Possible Password if availble.
//
//
#if defined(unix) && defined(__cplusplus)
extern "C"
#endif
DWORD
WINAPI
PreAuthenticateUser(
IN OUT LPVOID* lppvContext,
IN LPSTR lpszServerName,
IN LPSTR lpszScheme,
IN DWORD dwFlags,
OUT LPSTR lpOutBuffer,
IN OUT LPDWORD lpdwOutBufferLength,
IN LPSTR lpszUserName,
IN LPSTR lpszPassword,
IN PCSTR lpszUrl,
OUT SECURITY_STATUS *pssResult
);
//
// UnloadAuthenticateUser - Called after HTTP authentication
// has been completed, and the authentication process is
// no longer needed.
//
// Its intended for cleanup of context memory that was allocated.
// NOTE: For certain schemes these context values may live
// until shutdown.
//
#if defined(unix) && defined(__cplusplus)
extern "C"
#endif
VOID
WINAPI
UnloadAuthenticateUser(
IN OUT LPVOID* lppvContext,
IN LPSTR lpszScheme,
IN LPSTR lpszHost
);
//
// AuthenticateUserUI - This function is called when a application
// called InternetErrorDlg for the purposes of generating UI on
// a specific HTTP Authentication Scheme. For example, if a User
// required a login to the MSN service. An application could
// call InternetErrorDlg to generate UI, and WinINet would
// determine that MSN could handle the UI for quering the user/passwd
// internaly.
//
// Note: An application does not need to generate the UserName,
// and Password for WININET in pAuthInfo. Rather it could simply
// return an ERROR_SUCCESS, and have its PreAuthenticeUser recalled.
//
// Note: To Cancel the authentication process. ERROR_CANCELLED should
// be returned.
//
// lppvContext - pointer to Authenticateion Context.
// hWnd - Windows Handle to Parent Window
// dwError - Error code passed to InternetErrorDlg
// dwFlags - flags.
// pAuthInfo - Pointer to structure containing a place to store
// Username and password
#if defined(unix) && defined(__cplusplus)
extern "C"
#endif
DWORD
WINAPI
AuthenticateUserUI(
IN OUT LPVOID* lppvContext,
IN HWND hWnd,
IN DWORD dwError,
IN DWORD dwFlags,
IN OUT InvalidPassType* pAuthInfo,
IN LPSTR lpszScheme,
IN PCSTR lpszUrl,
SECURITY_STATUS *pssResult
);
#ifdef __cplusplus
} // end extern "C"
#endif
//
// Registry Flags Used for Defining what kind of authentication a
// plugin may support.
//
//
// Each TCP/IP Socket will contain a different Context.
// Otherwise a new context will be passed for each Realm
// or block URL template (http://www.foo.com/directory/*).
//
#define PLUGIN_AUTH_FLAGS_UNIQUE_CONTEXT_PER_TCPIP 0x01
//
// This PlugIn Can handle doing it's own UI. So call it
// when UI is needed.
//
#define PLUGIN_AUTH_FLAGS_CAN_HANDLE_UI 0x02
//
// This PlugIn may be capible of doing an Authentication
// without prompting the User for a Password. If this
// is not the case AuthenticateUser should return
// ERROR_INTERNET_INCORRECT_PASSWORD
//
#define PLUGIN_AUTH_FLAGS_CAN_HANDLE_NO_PASSWD 0x04
//
// This PlugIn does not use a standard HTTP Realm
// string. Any data that appears to be a realm
// is scheme specific data.
//
#define PLUGIN_AUTH_FLAGS_NO_REALM 0x08
//
// This PlugIn doesn't need a persistent connection for challenge-response.
//
#define PLUGIN_AUTH_FLAGS_KEEP_ALIVE_NOT_REQUIRED 0x10
//
// Registry Values
// To Register a Security PlugIn called FOO, place a key in
// HKLM\Software\Microsoft\Internet Explorer\Security\FOO
// In Foo Create the following values:
// Flags 0x00000000 ( see above for Registry Flags )
//