Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

326 lines
6.7 KiB

/*++
Copyright (c) 1997 Microsoft Corporation
Module Name:
ssocket.hxx
Abstract:
Contains types, manifests, prototypes for Internet Secure Socket Class
(ICSecureSocket) functions and methods (in common\ssocket.cxx)
Author:
Richard L Firth (rfirth) 08-Apr-1997
Revision History:
08-Apr-1997 rfirth
Created (from ixport.hxx)
--*/
#define SECURITY_WIN32
#include <sspi.h>
#include <issperr.h>
#include <buffer.hxx>
#include <winerror.h>
//
// forward references
//
class CFsm_SecureConnect;
class CFsm_SecureHandshake;
class CFsm_SecureNegotiate;
class CFsm_NegotiateLoop;
class CFsm_SecureSend;
class CFsm_SecureReceive;
//
// classes
//
class ICSecureSocket : public ICSocket {
private:
CtxtHandle m_hContext;
DWORD m_dwProviderIndex;
LPSTR m_lpszHostName;
DBLBUFFER * m_pdblbufBuffer;
DWORD m_dwErrorFlags;
SECURITY_CACHE_LIST_ENTRY *m_pSecurityInfo;
SECURITY_CACHE_LIST_ENTRY **m_ppSecurityInfo;
#if INET_DEBUG
#define SECURE_SOCKET_SIGNATURE 0x534c5353 // "SSLS"
#define SIGN_SECURE_SOCKET() \
m_Signature = SECURE_SOCKET_SIGNATURE
#define CHECK_SECURE_SOCKET() \
INET_ASSERT(m_Signature == SECURE_SOCKET_SIGNATURE)
#else
#define SIGN_SECURE_SOCKET() \
/* NOTHING */
#define CHECK_SECURE_SOCKET() \
/* NOTHING */
#endif
VOID SetNonSecure(VOID)
{
if(m_pSecurityInfo)
{
m_pSecurityInfo->ClearSecureFlags(SECURITY_FLAG_SECURE);
}
}
VOID SetSecure(VOID)
{
SetSecureFlags(SECURITY_FLAG_SECURE);
}
DWORD
EncryptData(
IN LPVOID lpBuffer,
IN DWORD dwInBufferLen,
OUT LPVOID * lplpBuffer,
OUT LPDWORD lpdwOutBufferLen,
OUT LPDWORD lpdwInBufferBytesEncrypted
);
DWORD
DecryptData(
OUT DWORD * lpdwBytesNeeded,
OUT LPBYTE lpOutBuffer,
IN OUT LPDWORD lpdwOutBufferLeft,
IN OUT LPDWORD lpdwOutBufferReceived,
IN OUT LPDWORD lpdwOutBufferBytesRead
);
VOID
TerminateSecConnection(
VOID
);
BOOL
IsValidCacheEntry();
DWORD ReVerifyTrust(
DWORD dwRecheckFlag // either SECURITY_FLAG_CHECK_EXPIRATION or
// SECURITY_FLAG_CHECK_REVOCATION
);
public:
ICSecureSocket(DWORD dwErrorFlags = 0, INTERNET_SCHEME tScheme = INTERNET_SCHEME_DEFAULT);
virtual ~ICSecureSocket(VOID);
DWORD
Connect(
IN LONG Timeout,
IN INT Retries,
IN DWORD dwFlags
);
DWORD
Connect_Fsm(
IN CFsm_SecureConnect * Fsm
);
DWORD
SecureHandshake_Fsm(
IN CFsm_SecureHandshake * Fsm
);
DWORD
SecureNegotiate_Fsm(
IN CFsm_SecureNegotiate * Fsm
);
DWORD
NegotiateLoop_Fsm(
IN CFsm_NegotiateLoop * Fsm
);
DWORD
NegotiateSecConnection(
IN DWORD dwFlags,
OUT LPBOOL lpbAttemptReconnect
);
DWORD
SSPINegotiateLoop(
OUT DBLBUFFER * pDoubleBuffer,
IN DWORD dwFlags,
IN CredHandle hCreds,
IN BOOL fDoInitialRead,
IN BOOL bDoingClientAuth
);
DWORD
Disconnect(
IN DWORD dwFlags
);
DWORD
Send(
IN LPVOID lpBuffer,
IN DWORD dwBufferLength,
IN DWORD dwFlags
);
DWORD
Send_Fsm(
IN CFsm_SecureSend * Fsm
);
DWORD
Receive(
IN OUT LPVOID* lplpBuffer,
IN OUT LPDWORD lpdwBufferLength,
IN OUT LPDWORD lpdwBufferRemaining,
IN OUT LPDWORD lpdwBytesReceived,
IN DWORD dwExtraSpace,
IN DWORD dwFlags,
OUT LPBOOL lpbEof
);
DWORD
Receive_Fsm(
IN CFsm_SecureReceive * Fsm
);
DWORD
SecureHandshakeWithServer(
IN DWORD dwFlags,
OUT LPBOOL lpfAttemptReconnect
);
DWORD
VerifyTrust(
VOID
);
SECURITY_CACHE_LIST_ENTRY * GetSecurityEntry() {
if (m_pSecurityInfo != NULL) {
m_pSecurityInfo->AddRef();
return m_pSecurityInfo;
}
return NULL;
}
VOID SetSecurityEntry(SECURITY_CACHE_LIST_ENTRY **entry) {
if (entry != NULL && *entry) {
(*entry)->AddRef();
}
if (m_pSecurityInfo != NULL) {
m_pSecurityInfo->Release();
}
m_pSecurityInfo = entry ? *entry : NULL;
m_ppSecurityInfo = entry;
}
DWORD
SetHostName(
IN LPSTR lpszHostName
);
LPSTR GetHostName(VOID) const {
INET_ASSERT(IsSecure());
INET_ASSERT(m_lpszHostName != NULL);
return m_lpszHostName;
}
//
// GetCertChainList (and)
// SetCertChainList -
// Sets and Gets Client Authentication Cert Chains.
//
CERT_CONTEXT_ARRAY* GetCertContextArray(VOID) {
if(m_pSecurityInfo)
{
return m_pSecurityInfo->GetCertContextArray();
}
return NULL;
}
VOID SetCertContextArray(CERT_CONTEXT_ARRAY* pNewCertContextArray) {
if(m_pSecurityInfo)
{
m_pSecurityInfo->SetCertContextArray(pNewCertContextArray);
}
}
//
// GetSecureFlags AND SetSecureFlags AND GetCertInfo
// Allows setting and getting of a bitmask which
// stores various data bits on current socket connection.
//
DWORD GetSecurityInfo(LPINTERNET_SECURITY_INFO pInfo) {
if(m_pSecurityInfo)
{
m_pSecurityInfo->CopyOut(*pInfo);
return ERROR_SUCCESS;
}
else
{
return ERROR_INTERNET_INTERNAL_ERROR;
}
}
VOID SetSecureFlags(DWORD Flags) {
if(m_pSecurityInfo)
{
m_pSecurityInfo->SetSecureFlags(Flags);
}
}
DWORD GetSecureFlags(VOID) {
if(m_pSecurityInfo)
{
return m_pSecurityInfo->GetSecureFlags();
}
return 0;
}
DWORD GetProviderIndex(VOID) const {
INET_ASSERT(IsSecure());
return m_dwProviderIndex;
}
VOID SetProviderIndex(DWORD dwIndex) {
INET_ASSERT(IsSecure());
m_dwProviderIndex = dwIndex;
}
BOOL MatchTunnelSemantics(DWORD dwFlags, LPSTR pszHostName = NULL) {
return (((m_dwFlags & SF_TUNNEL) == (dwFlags & SF_TUNNEL)) ? TRUE : FALSE) &&
(!pszHostName || 0 == strcmp(m_lpszHostName, pszHostName));
}
};