archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/com/rpc/runtime/mtrt/secclnt.hxx

548 lines
10 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (C) Microsoft Corporation, 1991 - 1999
  5. Module Name:
  7. secclnt.hxx
  9. Abstract:
  11. This file contains an abstraction to the security support for clients
  12. and that which is common to both servers and clients.
  14. Author:
  16. Michael Montague (mikemon) 10-Apr-1992
  18. Revision History:
  20. --*/
  22. #ifndef __SECCLNT_HXX__
  23. #define __SECCLNT_HXX__
  25. typedef SecBufferDesc SECURITY_BUFFER_DESCRIPTOR;
  26. typedef SecBuffer SECURITY_BUFFER;
  28. #define MAXIMUM_SECURITY_BLOCK_SIZE 16
  30. enum PACKAGE_LEG_COUNT
  31. {
  32. LegsUnknown,
  33. ThreeLegs,
  34. EvenNumberOfLegs
  35. };
  37. typedef struct
  38. {
  39. #ifdef UNICODE
  40. SecPkgInfoW PackageInfo;
  41. #else
  42. SecPkgInfoA PackageInfo;
  43. #endif
  44. SECURITY_CREDENTIALS *ServerSecurityCredentials;
  45. PACKAGE_LEG_COUNT LegCount;
  46. } SECURITY_PACKAGE_INFO;
  48. typedef struct
  49. {
  50. unsigned long Count;
  51. SECURITY_PACKAGE_INFO * SecurityPackages;
  52. PSecurityFunctionTable RpcSecurityInterface;
  53. void * ProviderDll;
  54. RPC_CHAR *ProviderDllName;
  55. } SECURITY_PROVIDER_INFO;
  57. extern SECURITY_PROVIDER_INFO PAPI * ProviderList;
  58. extern unsigned long NumberOfProviders;
  59. extern unsigned long LoadedProviders;
  60. extern unsigned long AvailableProviders;
  63. extern int SecuritySupportLoaded;
  64. extern int FailedToLoad;
  65. extern PSecurityFunctionTable RpcSecurityInterface;
  66. extern SecPkgInfo PAPI * SecurityPackages;
  67. extern unsigned long NumberOfSecurityPackages;
  68. extern MUTEX * SecurityCritSect;
  70. extern RPC_STATUS
  71. InsureSecuritySupportLoaded (
  72. );
  74. extern RPC_STATUS
  75. IsAuthenticationServiceSupported (
  76. IN unsigned long AuthenticationService
  77. );
  79. extern RPC_STATUS
  80. FindServerCredentials (
  81. IN RPC_AUTH_KEY_RETRIEVAL_FN GetKeyFn,
  82. IN void __RPC_FAR * Arg,
  83. IN unsigned long AuthenticationService,
  84. IN unsigned long AuthenticationLevel,
  85. IN RPC_CHAR __RPC_FAR * Principal,
  86. IN OUT SECURITY_CREDENTIALS ** SecurityCredentials
  87. );
  89. extern RPC_STATUS
  90. RemoveCredentialsFromCache (
  91. IN unsigned long AuthenticationService
  92. );
  94. extern PACKAGE_LEG_COUNT
  95. GetPackageLegCount(
  96. DWORD id
  97. );
  99. extern BOOL
  100. ReadPackageLegInfo();
  102. extern DWORD * FourLeggedPackages;
  106. class SECURITY_CREDENTIALS
  107. /*++
  109. Class Description:
  111. This class is an abstraction of the credential handle provided by
  112. the Security APIs.
  114. Fields:
  116. PackageIndex - Contains the index for this package in the array of
  117. packages pointed to by SecurityPackages.
  119. Credentials - Contains the credential handle used by the security
  120. package.
  122. --*/
  123. {
  125. friend RPC_STATUS
  126. FindServerCredentials (
  127. IN RPC_AUTH_KEY_RETRIEVAL_FN GetKeyFn,
  128. IN void __RPC_FAR * Arg,
  129. IN unsigned long AuthenticationService,
  130. IN unsigned long AuthenticationLevel,
  131. IN RPC_CHAR __RPC_FAR * Principal,
  132. IN OUT SECURITY_CREDENTIALS ** SecurityCredentials
  133. );
  136. public:
  138. unsigned AuthenticationService;
  140. private:
  142. BOOL Valid;
  143. unsigned int ProviderIndex;
  144. unsigned int PackageIndex;
  145. CredHandle CredentialsHandle;
  146. unsigned int ReferenceCount;
  147. MUTEX CredentialsMutex;
  148. BOOL bServerCredentials;
  149. BOOL fDeleted;
  151. SEC_CHAR __SEC_FAR * DefaultPrincName;
  153. public:
  155. SECURITY_CREDENTIALS (
  156. IN OUT RPC_STATUS PAPI * Status
  157. );
  159. ~SECURITY_CREDENTIALS ();
  161. RPC_STATUS
  162. AcquireCredentialsForServer (
  163. IN RPC_AUTH_KEY_RETRIEVAL_FN GetKeyFn,
  164. IN void __RPC_FAR * Arg,
  165. IN unsigned long AuthenticationService,
  166. IN unsigned long AuthenticationLevel,
  167. IN RPC_CHAR __RPC_FAR * Principal
  168. );
  170. RPC_STATUS
  171. AcquireCredentialsForClient (
  172. IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity,
  173. IN unsigned long AuthenticationService,
  174. IN unsigned long AuthenticationLevel
  175. );
  178. RPC_STATUS
  179. InquireDefaultPrincName (
  180. OUT SEC_CHAR __SEC_FAR **MyDefaultPrincName
  181. );
  183. void
  184. FreeCredentials (
  185. );
  187. unsigned int
  188. MaximumTokenLength (
  189. );
  191. PCredHandle
  192. InquireCredHandle (
  193. );
  195. void
  196. ReferenceCredentials(
  197. );
  199. void
  200. DereferenceCredentials(
  201. BOOL fRemoveIt = FALSE OPTIONAL
  202. );
  204. PSecurityFunctionTable
  205. InquireProviderFunctionTable (
  206. );
  208. int
  209. CompareCredentials(
  210. SECURITY_CREDENTIALS PAPI * Creds
  211. );
  213. };
  216. inline
  217. int
  218. SECURITY_CREDENTIALS::CompareCredentials(
  219. SECURITY_CREDENTIALS PAPI * Creds
  220. )
  221. {
  222. CredHandle * Cookie = Creds->InquireCredHandle();
  224. if ( (CredentialsHandle.dwLower == Cookie->dwLower)
  225. &&(CredentialsHandle.dwUpper == Cookie->dwUpper) )
  226. {
  227. return 0;
  228. }
  229. return 1;
  230. }
  233. inline unsigned int
  234. SECURITY_CREDENTIALS::MaximumTokenLength (
  235. )
  236. /*++
  238. Return Value:
  240. The maximum size, in bytes, of the tokens passed around at security
  241. context initialization time.
  243. --*/
  244. {
  245. return(ProviderList[ProviderIndex].SecurityPackages[PackageIndex].PackageInfo.cbMaxToken);
  246. }
  249. inline PSecurityFunctionTable
  250. SECURITY_CREDENTIALS::InquireProviderFunctionTable(
  251. )
  252. /*++
  254. Return Value:
  256. --*/
  257. {
  258. return(ProviderList[ProviderIndex].RpcSecurityInterface);
  259. }
  263. inline PCredHandle
  264. SECURITY_CREDENTIALS::InquireCredHandle (
  265. )
  266. /*++
  268. Return Value:
  270. The credential handle for this object will be returned.
  272. --*/
  273. {
  274. return(&CredentialsHandle);
  275. }
  278. class SECURITY_CONTEXT : public CLIENT_AUTH_INFO
  280. /*++
  282. Class Description:
  284. This is an abstraction of a security context. It allows you to use
  285. it to generate signatures and then verify them, as well as, sealing
  286. and unsealing messages.
  288. Fields:
  290. DontForgetToDelete - Contains a flag indicating whether or not there
  291. is a valid security context which needs to be deleted. A value
  292. of non-zero indicates there is a valid security context.
  294. SecurityContext - Contains a handle to the security context maintained
  295. by the security package on our behalf.
  297. MaxHeaderLength - Contains the maximum size of a header for this
  298. security context.
  300. MaxSignatureLength - Contains the maximum size of a signature for
  301. this security context.
  303. --*/
  304. {
  305. public:
  307. unsigned AuthContextId;
  308. unsigned Flags;
  309. unsigned long ContextAttributes;
  310. PACKAGE_LEG_COUNT Legs;
  312. SECURITY_CONTEXT (
  313. CLIENT_AUTH_INFO *myAuthInfo,
  314. unsigned myAuthContextId,
  315. BOOL fUseDatagram,
  316. RPC_STATUS __RPC_FAR * pStatus
  317. );
  319. inline ~SECURITY_CONTEXT (
  320. void
  321. )
  322. {
  323. DeleteSecurityContext();
  324. }
  326. RPC_STATUS
  327. SetMaximumLengths (
  328. );
  330. unsigned int
  331. MaximumHeaderLength (
  332. );
  334. unsigned int
  335. MaximumSignatureLength (
  336. );
  338. unsigned int
  339. BlockSize (
  340. );
  342. RPC_STATUS
  343. CompleteSecurityToken (
  344. IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
  345. );
  347. RPC_STATUS
  348. SignOrSeal (
  349. IN unsigned long Sequence,
  350. IN unsigned int SignNotSealFlag,
  351. IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
  352. );
  354. RPC_STATUS
  355. VerifyOrUnseal (
  356. IN unsigned long Sequence,
  357. IN unsigned int VerifyNotUnsealFlag,
  358. IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
  359. );
  361. BOOL
  362. FullyConstructed()
  363. {
  364. return fFullyConstructed;
  365. }
  367. // client-side calls
  369. RPC_STATUS
  370. InitializeFirstTime(
  371. IN SECURITY_CREDENTIALS * Credentials,
  372. IN RPC_CHAR * ServerPrincipal,
  373. IN unsigned long AuthenticationLevel,
  374. IN OUT SECURITY_BUFFER_DESCRIPTOR * BufferDescriptor,
  375. IN OUT unsigned char *NewAuthType = NULL
  376. );
  378. RPC_STATUS
  379. InitializeThirdLeg(
  380. IN SECURITY_CREDENTIALS * Credentials,
  381. IN unsigned long DataRep,
  382. IN SECURITY_BUFFER_DESCRIPTOR * In,
  383. IN OUT SECURITY_BUFFER_DESCRIPTOR * Out
  384. );
  386. RPC_STATUS
  387. GetWireIdForSnego(
  388. OUT unsigned char *WireId
  389. );
  391. // server-side calls
  393. void
  394. DeletePac (
  395. void PAPI * Pac
  396. );
  398. RPC_STATUS
  399. AcceptFirstTime (
  400. IN SECURITY_CREDENTIALS * Credentials,
  401. IN SECURITY_BUFFER_DESCRIPTOR PAPI * InputBufferDescriptor,
  402. IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * OutputBufferDescriptor,
  403. IN unsigned long AuthenticationLevel,
  404. IN unsigned long DataRepresentation,
  405. IN unsigned long NewContextNeededFlag
  406. );
  408. RPC_STATUS
  409. AcceptThirdLeg (
  410. IN unsigned long DataRepresentation,
  411. IN SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor,
  412. OUT SECURITY_BUFFER_DESCRIPTOR PAPI * OutBufferDescriptor
  413. );
  415. unsigned long
  416. InquireAuthorizationService (
  417. );
  419. RPC_AUTHZ_HANDLE
  420. InquirePrivileges (
  421. );
  423. RPC_STATUS
  424. ImpersonateClient (
  425. );
  427. void
  428. RevertToSelf (
  429. );
  431. RPC_STATUS
  432. GetAccessToken (
  433. OUT HANDLE *ImpersonationToken,
  434. OUT BOOL *fNeedToCloseToken
  435. );
  437. inline AUTHZ_CLIENT_CONTEXT_HANDLE
  438. GetAuthzContext (
  439. void
  440. )
  441. {
  442. return AuthzClientContext;
  443. }
  445. inline PAUTHZ_CLIENT_CONTEXT_HANDLE
  446. GetAuthzContextAddress (
  447. void
  448. )
  449. {
  450. return &AuthzClientContext;
  451. }
  453. DWORD
  454. GetDceInfo (
  455. RPC_AUTHZ_HANDLE __RPC_FAR * PacHandle,
  456. unsigned long __RPC_FAR * AuthzSvc
  457. );
  459. void
  460. DeleteSecurityContext (
  461. void
  462. );
  464. RPC_STATUS
  465. CheckForFailedThirdLeg (
  466. void
  467. );
  469. protected:
  471. unsigned char fFullyConstructed;
  472. unsigned char DontForgetToDelete;
  473. unsigned char fDatagram;
  475. CtxtHandle SecurityContext;
  477. unsigned int MaxHeaderLength;
  478. unsigned int MaxSignatureLength;
  479. unsigned int cbBlockSize;
  481. PSecurityFunctionTable RpcSecurityInterface;
  482. int FailedContext;
  483. ExtendedErrorInfo *FailedContextEEInfo;
  485. AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext;
  487. DWORD VerifyCertificate();
  489. public:
  490. CtxtHandle *
  491. InqSecurityContext ()
  492. {
  493. return &SecurityContext;
  494. }
  495. };
  497. typedef SECURITY_CONTEXT * PSECURITY_CONTEXT;
  500. inline unsigned int
  501. SECURITY_CONTEXT::MaximumHeaderLength (
  502. )
  503. /*++
  505. Return Value:
  507. The maximum size of the header used by SECURITY_CONTEXT::SealMessage
  508. will be returned. This is in bytes.
  510. --*/
  511. {
  512. return(MaxHeaderLength);
  513. }
  516. inline unsigned int
  517. SECURITY_CONTEXT::BlockSize (
  518. )
  519. /*++
  521. Return Value:
  523. For best effect, buffers to be signed or sealed should be a multiple
  524. of this length.
  526. --*/
  527. {
  528. return(cbBlockSize);
  529. }
  532. inline unsigned int
  533. SECURITY_CONTEXT::MaximumSignatureLength (
  534. )
  535. /*++
  537. Return Value:
  539. The maximum size, in bytes, of the signature used by
  540. SECURITY_CONTEXT::MakeSignature will be returned.
  542. --*/
  543. {
  544. return(MaxSignatureLength);
  545. }
  547. #endif // __SECCLNT_HXX__