Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

548 lines
10 KiB

/*++
Copyright (C) Microsoft Corporation, 1991 - 1999
Module Name:
secclnt.hxx
Abstract:
This file contains an abstraction to the security support for clients
and that which is common to both servers and clients.
Author:
Michael Montague (mikemon) 10-Apr-1992
Revision History:
--*/
#ifndef __SECCLNT_HXX__
#define __SECCLNT_HXX__
typedef SecBufferDesc SECURITY_BUFFER_DESCRIPTOR;
typedef SecBuffer SECURITY_BUFFER;
#define MAXIMUM_SECURITY_BLOCK_SIZE 16
enum PACKAGE_LEG_COUNT
{
LegsUnknown,
ThreeLegs,
EvenNumberOfLegs
};
typedef struct
{
#ifdef UNICODE
SecPkgInfoW PackageInfo;
#else
SecPkgInfoA PackageInfo;
#endif
SECURITY_CREDENTIALS *ServerSecurityCredentials;
PACKAGE_LEG_COUNT LegCount;
} SECURITY_PACKAGE_INFO;
typedef struct
{
unsigned long Count;
SECURITY_PACKAGE_INFO * SecurityPackages;
PSecurityFunctionTable RpcSecurityInterface;
void * ProviderDll;
RPC_CHAR *ProviderDllName;
} SECURITY_PROVIDER_INFO;
extern SECURITY_PROVIDER_INFO PAPI * ProviderList;
extern unsigned long NumberOfProviders;
extern unsigned long LoadedProviders;
extern unsigned long AvailableProviders;
extern int SecuritySupportLoaded;
extern int FailedToLoad;
extern PSecurityFunctionTable RpcSecurityInterface;
extern SecPkgInfo PAPI * SecurityPackages;
extern unsigned long NumberOfSecurityPackages;
extern MUTEX * SecurityCritSect;
extern RPC_STATUS
InsureSecuritySupportLoaded (
);
extern RPC_STATUS
IsAuthenticationServiceSupported (
IN unsigned long AuthenticationService
);
extern RPC_STATUS
FindServerCredentials (
IN RPC_AUTH_KEY_RETRIEVAL_FN GetKeyFn,
IN void __RPC_FAR * Arg,
IN unsigned long AuthenticationService,
IN unsigned long AuthenticationLevel,
IN RPC_CHAR __RPC_FAR * Principal,
IN OUT SECURITY_CREDENTIALS ** SecurityCredentials
);
extern RPC_STATUS
RemoveCredentialsFromCache (
IN unsigned long AuthenticationService
);
extern PACKAGE_LEG_COUNT
GetPackageLegCount(
DWORD id
);
extern BOOL
ReadPackageLegInfo();
extern DWORD * FourLeggedPackages;
class SECURITY_CREDENTIALS
/*++
Class Description:
This class is an abstraction of the credential handle provided by
the Security APIs.
Fields:
PackageIndex - Contains the index for this package in the array of
packages pointed to by SecurityPackages.
Credentials - Contains the credential handle used by the security
package.
--*/
{
friend RPC_STATUS
FindServerCredentials (
IN RPC_AUTH_KEY_RETRIEVAL_FN GetKeyFn,
IN void __RPC_FAR * Arg,
IN unsigned long AuthenticationService,
IN unsigned long AuthenticationLevel,
IN RPC_CHAR __RPC_FAR * Principal,
IN OUT SECURITY_CREDENTIALS ** SecurityCredentials
);
public:
unsigned AuthenticationService;
private:
BOOL Valid;
unsigned int ProviderIndex;
unsigned int PackageIndex;
CredHandle CredentialsHandle;
unsigned int ReferenceCount;
MUTEX CredentialsMutex;
BOOL bServerCredentials;
BOOL fDeleted;
SEC_CHAR __SEC_FAR * DefaultPrincName;
public:
SECURITY_CREDENTIALS (
IN OUT RPC_STATUS PAPI * Status
);
~SECURITY_CREDENTIALS ();
RPC_STATUS
AcquireCredentialsForServer (
IN RPC_AUTH_KEY_RETRIEVAL_FN GetKeyFn,
IN void __RPC_FAR * Arg,
IN unsigned long AuthenticationService,
IN unsigned long AuthenticationLevel,
IN RPC_CHAR __RPC_FAR * Principal
);
RPC_STATUS
AcquireCredentialsForClient (
IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity,
IN unsigned long AuthenticationService,
IN unsigned long AuthenticationLevel
);
RPC_STATUS
InquireDefaultPrincName (
OUT SEC_CHAR __SEC_FAR **MyDefaultPrincName
);
void
FreeCredentials (
);
unsigned int
MaximumTokenLength (
);
PCredHandle
InquireCredHandle (
);
void
ReferenceCredentials(
);
void
DereferenceCredentials(
BOOL fRemoveIt = FALSE OPTIONAL
);
PSecurityFunctionTable
InquireProviderFunctionTable (
);
int
CompareCredentials(
SECURITY_CREDENTIALS PAPI * Creds
);
};
inline
int
SECURITY_CREDENTIALS::CompareCredentials(
SECURITY_CREDENTIALS PAPI * Creds
)
{
CredHandle * Cookie = Creds->InquireCredHandle();
if ( (CredentialsHandle.dwLower == Cookie->dwLower)
&&(CredentialsHandle.dwUpper == Cookie->dwUpper) )
{
return 0;
}
return 1;
}
inline unsigned int
SECURITY_CREDENTIALS::MaximumTokenLength (
)
/*++
Return Value:
The maximum size, in bytes, of the tokens passed around at security
context initialization time.
--*/
{
return(ProviderList[ProviderIndex].SecurityPackages[PackageIndex].PackageInfo.cbMaxToken);
}
inline PSecurityFunctionTable
SECURITY_CREDENTIALS::InquireProviderFunctionTable(
)
/*++
Return Value:
--*/
{
return(ProviderList[ProviderIndex].RpcSecurityInterface);
}
inline PCredHandle
SECURITY_CREDENTIALS::InquireCredHandle (
)
/*++
Return Value:
The credential handle for this object will be returned.
--*/
{
return(&CredentialsHandle);
}
class SECURITY_CONTEXT : public CLIENT_AUTH_INFO
/*++
Class Description:
This is an abstraction of a security context. It allows you to use
it to generate signatures and then verify them, as well as, sealing
and unsealing messages.
Fields:
DontForgetToDelete - Contains a flag indicating whether or not there
is a valid security context which needs to be deleted. A value
of non-zero indicates there is a valid security context.
SecurityContext - Contains a handle to the security context maintained
by the security package on our behalf.
MaxHeaderLength - Contains the maximum size of a header for this
security context.
MaxSignatureLength - Contains the maximum size of a signature for
this security context.
--*/
{
public:
unsigned AuthContextId;
unsigned Flags;
unsigned long ContextAttributes;
PACKAGE_LEG_COUNT Legs;
SECURITY_CONTEXT (
CLIENT_AUTH_INFO *myAuthInfo,
unsigned myAuthContextId,
BOOL fUseDatagram,
RPC_STATUS __RPC_FAR * pStatus
);
inline ~SECURITY_CONTEXT (
void
)
{
DeleteSecurityContext();
}
RPC_STATUS
SetMaximumLengths (
);
unsigned int
MaximumHeaderLength (
);
unsigned int
MaximumSignatureLength (
);
unsigned int
BlockSize (
);
RPC_STATUS
CompleteSecurityToken (
IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
);
RPC_STATUS
SignOrSeal (
IN unsigned long Sequence,
IN unsigned int SignNotSealFlag,
IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
);
RPC_STATUS
VerifyOrUnseal (
IN unsigned long Sequence,
IN unsigned int VerifyNotUnsealFlag,
IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
);
BOOL
FullyConstructed()
{
return fFullyConstructed;
}
// client-side calls
RPC_STATUS
InitializeFirstTime(
IN SECURITY_CREDENTIALS * Credentials,
IN RPC_CHAR * ServerPrincipal,
IN unsigned long AuthenticationLevel,
IN OUT SECURITY_BUFFER_DESCRIPTOR * BufferDescriptor,
IN OUT unsigned char *NewAuthType = NULL
);
RPC_STATUS
InitializeThirdLeg(
IN SECURITY_CREDENTIALS * Credentials,
IN unsigned long DataRep,
IN SECURITY_BUFFER_DESCRIPTOR * In,
IN OUT SECURITY_BUFFER_DESCRIPTOR * Out
);
RPC_STATUS
GetWireIdForSnego(
OUT unsigned char *WireId
);
// server-side calls
void
DeletePac (
void PAPI * Pac
);
RPC_STATUS
AcceptFirstTime (
IN SECURITY_CREDENTIALS * Credentials,
IN SECURITY_BUFFER_DESCRIPTOR PAPI * InputBufferDescriptor,
IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * OutputBufferDescriptor,
IN unsigned long AuthenticationLevel,
IN unsigned long DataRepresentation,
IN unsigned long NewContextNeededFlag
);
RPC_STATUS
AcceptThirdLeg (
IN unsigned long DataRepresentation,
IN SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor,
OUT SECURITY_BUFFER_DESCRIPTOR PAPI * OutBufferDescriptor
);
unsigned long
InquireAuthorizationService (
);
RPC_AUTHZ_HANDLE
InquirePrivileges (
);
RPC_STATUS
ImpersonateClient (
);
void
RevertToSelf (
);
RPC_STATUS
GetAccessToken (
OUT HANDLE *ImpersonationToken,
OUT BOOL *fNeedToCloseToken
);
inline AUTHZ_CLIENT_CONTEXT_HANDLE
GetAuthzContext (
void
)
{
return AuthzClientContext;
}
inline PAUTHZ_CLIENT_CONTEXT_HANDLE
GetAuthzContextAddress (
void
)
{
return &AuthzClientContext;
}
DWORD
GetDceInfo (
RPC_AUTHZ_HANDLE __RPC_FAR * PacHandle,
unsigned long __RPC_FAR * AuthzSvc
);
void
DeleteSecurityContext (
void
);
RPC_STATUS
CheckForFailedThirdLeg (
void
);
protected:
unsigned char fFullyConstructed;
unsigned char DontForgetToDelete;
unsigned char fDatagram;
CtxtHandle SecurityContext;
unsigned int MaxHeaderLength;
unsigned int MaxSignatureLength;
unsigned int cbBlockSize;
PSecurityFunctionTable RpcSecurityInterface;
int FailedContext;
ExtendedErrorInfo *FailedContextEEInfo;
AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext;
DWORD VerifyCertificate();
public:
CtxtHandle *
InqSecurityContext ()
{
return &SecurityContext;
}
};
typedef SECURITY_CONTEXT * PSECURITY_CONTEXT;
inline unsigned int
SECURITY_CONTEXT::MaximumHeaderLength (
)
/*++
Return Value:
The maximum size of the header used by SECURITY_CONTEXT::SealMessage
will be returned. This is in bytes.
--*/
{
return(MaxHeaderLength);
}
inline unsigned int
SECURITY_CONTEXT::BlockSize (
)
/*++
Return Value:
For best effect, buffers to be signed or sealed should be a multiple
of this length.
--*/
{
return(cbBlockSize);
}
inline unsigned int
SECURITY_CONTEXT::MaximumSignatureLength (
)
/*++
Return Value:
The maximum size, in bytes, of the signature used by
SECURITY_CONTEXT::MakeSignature will be returned.
--*/
{
return(MaxSignatureLength);
}
#endif // __SECCLNT_HXX__