secur32_priv.h 10.9 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
/*
 * secur32 private definitions.
 *
 * Copyright (C) 2004 Juan Lang
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
18
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 20 21 22 23
 */

#ifndef __SECUR32_PRIV_H__
#define __SECUR32_PRIV_H__

24
#include <sys/types.h>
25
#include <limits.h>
26
#include "wine/list.h"
27
#include "schannel.h"
28

29 30
typedef struct _SecureProvider
{
31
    struct list             entry;
32
    BOOL                    loaded;
33 34 35 36 37 38 39 40
    PWSTR                   moduleName;
    HMODULE                 lib;
    SecurityFunctionTableA  fnTableA;
    SecurityFunctionTableW  fnTableW;
} SecureProvider;

typedef struct _SecurePackage
{
41
    struct list     entry;
42 43 44 45
    SecPkgInfoW     infoW;
    SecureProvider *provider;
} SecurePackage;

46 47 48 49 50 51
typedef enum _helper_mode {
    NTLM_SERVER,
    NTLM_CLIENT,
    NUM_HELPER_MODES
} HelperMode;

52 53 54 55 56
typedef struct tag_arc4_info {
    unsigned char x, y;
    unsigned char state[256];
} arc4_info;

57 58 59 60 61
typedef struct _NegoHelper {
    pid_t helper_pid;
    HelperMode mode;
    int pipe_in;
    int pipe_out;
62 63 64
    int major;
    int minor;
    int micro;
65 66 67
    char *com_buf;
    int com_buf_size;
    int com_buf_offset;
68
    BYTE *session_key;
69
    ULONG neg_flags;
70 71 72 73 74
    struct {
        struct {
            ULONG seq_num;
            arc4_info *a4i;
        } ntlm;
75 76 77 78 79 80 81 82 83 84
        struct {
            BYTE *send_sign_key;
            BYTE *send_seal_key;
            BYTE *recv_sign_key;
            BYTE *recv_seal_key;
            ULONG send_seq_no;
            ULONG recv_seq_no;
            arc4_info *send_a4i;
            arc4_info *recv_a4i;
        } ntlm2;
85
    } crypt;
86 87
} NegoHelper, *PNegoHelper;

88 89 90 91 92 93 94 95 96 97 98 99
typedef struct _NtlmCredentials
{
    HelperMode mode;

    /* these are all in the Unix codepage */
    char *username_arg;
    char *domain_arg;
    char *password; /* not nul-terminated */
    int pwlen;
    int no_cached_credentials; /* don't try to use cached Samba credentials */
} NtlmCredentials, *PNtlmCredentials;

100 101 102 103 104
typedef enum _sign_direction {
    NTLM_SEND,
    NTLM_RECV
} SignDirection;

105
/* Allocates space for and initializes a new provider.  If fnTableA or fnTableW
106 107
 * is non-NULL, assumes the provider is built-in, and if moduleName is non-NULL,
 * means must load the LSA/user mode functions tables from external SSP/AP module.
108 109 110
 * Otherwise moduleName must not be NULL.
 * Returns a pointer to the stored provider entry, for use adding packages.
 */
111
SecureProvider *SECUR32_addProvider(const SecurityFunctionTableA *fnTableA,
112
 const SecurityFunctionTableW *fnTableW, PCWSTR moduleName) DECLSPEC_HIDDEN;
113 114 115 116 117 118

/* Allocates space for and adds toAdd packages with the given provider.
 * provider must not be NULL, and either infoA or infoW may be NULL, but not
 * both.
 */
void SECUR32_addPackages(SecureProvider *provider, ULONG toAdd,
119
 const SecPkgInfoA *infoA, const SecPkgInfoW *infoW) DECLSPEC_HIDDEN;
120

121 122 123
/* Tries to find the package named packageName.  If it finds it, implicitly
 * loads the package if it isn't already loaded.
 */
124
SecurePackage *SECUR32_findPackageW(PCWSTR packageName) DECLSPEC_HIDDEN;
125 126 127

/* Tries to find the package named packageName.  (Thunks to _findPackageW)
 */
128
SecurePackage *SECUR32_findPackageA(PCSTR packageName) DECLSPEC_HIDDEN;
129 130

/* A few string helpers; will return NULL if str is NULL.  Free return with
131
 * HeapFree */
132 133
PWSTR SECUR32_AllocWideFromMultiByte(PCSTR str) DECLSPEC_HIDDEN;
PSTR  SECUR32_AllocMultiByteFromWide(PCWSTR str) DECLSPEC_HIDDEN;
134

135
/* Initialization functions for built-in providers */
136 137 138
void SECUR32_initSchannelSP(void) DECLSPEC_HIDDEN;
void SECUR32_initNegotiateSP(void) DECLSPEC_HIDDEN;
void SECUR32_initNTLMSP(void) DECLSPEC_HIDDEN;
139

140
/* Cleanup functions for built-in providers */
141
void SECUR32_deinitSchannelSP(void) DECLSPEC_HIDDEN;
142

143 144
/* Functions from dispatcher.c used elsewhere in the code */
SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
145
        char * const argv[]) DECLSPEC_HIDDEN;
146 147

SECURITY_STATUS run_helper(PNegoHelper helper, char *buffer,
148
        unsigned int max_buflen, int *buflen) DECLSPEC_HIDDEN;
149

150
void cleanup_helper(PNegoHelper helper) DECLSPEC_HIDDEN;
151

152
void check_version(PNegoHelper helper) DECLSPEC_HIDDEN;
153

154
/* Functions from base64_codec.c used elsewhere */
155
SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char* out_buf,
156
        int max_len, int *out_len) DECLSPEC_HIDDEN;
157

158
SECURITY_STATUS decodeBase64(char *in_buf, int in_len, BYTE *out_buf,
159
        int max_len, int *out_len) DECLSPEC_HIDDEN;
160

161
/* Functions from util.c */
162 163 164 165 166 167 168
ULONG ComputeCrc32(const BYTE *pData, INT iLen, ULONG initial_crc) DECLSPEC_HIDDEN;
SECURITY_STATUS SECUR32_CreateNTLM1SessionKey(PBYTE password, int len, PBYTE session_key) DECLSPEC_HIDDEN;
SECURITY_STATUS SECUR32_CreateNTLM2SubKeys(PNegoHelper helper) DECLSPEC_HIDDEN;
arc4_info *SECUR32_arc4Alloc(void) DECLSPEC_HIDDEN;
void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen) DECLSPEC_HIDDEN;
void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length) DECLSPEC_HIDDEN;
void SECUR32_arc4Cleanup(arc4_info *a4i) DECLSPEC_HIDDEN;
169

170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189
/* NTLMSSP flags indicating the negotiated features */
#define NTLMSSP_NEGOTIATE_UNICODE                   0x00000001
#define NTLMSSP_NEGOTIATE_OEM                       0x00000002
#define NTLMSSP_REQUEST_TARGET                      0x00000004
#define NTLMSSP_NEGOTIATE_SIGN                      0x00000010
#define NTLMSSP_NEGOTIATE_SEAL                      0x00000020
#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE            0x00000040
#define NTLMSSP_NEGOTIATE_LM_SESSION_KEY            0x00000080
#define NTLMSSP_NEGOTIATE_NTLM                      0x00000200
#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED           0x00001000
#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED      0x00002000
#define NTLMSSP_NEGOTIATE_LOCAL_CALL                0x00004000
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN               0x00008000
#define NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN        0x00010000
#define NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER        0x00020000
#define NTLMSSP_NEGOTIATE_NTLM2                     0x00080000
#define NTLMSSP_NEGOTIATE_TARGET_INFO               0x00800000
#define NTLMSSP_NEGOTIATE_128                       0x20000000
#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE              0x40000000
#define NTLMSSP_NEGOTIATE_56                        0x80000000
190

191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208
SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(SEC_WCHAR *, SEC_WCHAR *,
    ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(PCredHandle, PCtxtHandle,
    SEC_WCHAR *, ULONG fContextReq, ULONG, ULONG, PSecBufferDesc, ULONG, PCtxtHandle,
    PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle, PCtxtHandle, PSecBufferDesc,
    ULONG, ULONG, PCtxtHandle, PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(PCredHandle) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN;

SecPkgInfoW *ntlm_package_infoW;
SecPkgInfoA *ntlm_package_infoA;
209 210 211 212 213 214 215

/* schannel internal interface */
typedef struct schan_imp_session_opaque *schan_imp_session;
typedef struct schan_imp_certificate_credentials_opaque *schan_imp_certificate_credentials;

struct schan_transport;

216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233
struct schan_buffers
{
    SIZE_T offset;
    SIZE_T limit;
    const SecBufferDesc *desc;
    int current_buffer_idx;
    BOOL allow_buffer_resize;
    int (*get_next_buffer)(const struct schan_transport *, struct schan_buffers *);
};

struct schan_transport
{
    struct schan_context *ctx;
    struct schan_buffers in;
    struct schan_buffers out;
};

char *schan_get_buffer(const struct schan_transport *t, struct schan_buffers *s, SIZE_T *count) DECLSPEC_HIDDEN;
234 235
extern int schan_pull(struct schan_transport *t, void *buff, size_t *buff_len) DECLSPEC_HIDDEN;
extern int schan_push(struct schan_transport *t, const void *buff, size_t *buff_len) DECLSPEC_HIDDEN;
236

237
extern schan_imp_session schan_session_for_transport(struct schan_transport* t) DECLSPEC_HIDDEN;
238 239 240

/* schannel implementation interface */
extern BOOL schan_imp_create_session(schan_imp_session *session, BOOL is_server,
241 242
                                     schan_imp_certificate_credentials cred) DECLSPEC_HIDDEN;
extern void schan_imp_dispose_session(schan_imp_session session) DECLSPEC_HIDDEN;
243
extern void schan_imp_set_session_transport(schan_imp_session session,
244 245 246
                                            struct schan_transport *t) DECLSPEC_HIDDEN;
extern SECURITY_STATUS schan_imp_handshake(schan_imp_session session) DECLSPEC_HIDDEN;
extern unsigned int schan_imp_get_session_cipher_block_size(schan_imp_session session) DECLSPEC_HIDDEN;
247
extern unsigned int schan_imp_get_max_message_size(schan_imp_session session) DECLSPEC_HIDDEN;
248
extern SECURITY_STATUS schan_imp_get_connection_info(schan_imp_session session,
249
                                                     SecPkgContext_ConnectionInfo *info) DECLSPEC_HIDDEN;
250
extern SECURITY_STATUS schan_imp_get_session_peer_certificate(schan_imp_session session,
251
                                                              PCCERT_CONTEXT *cert) DECLSPEC_HIDDEN;
252
extern SECURITY_STATUS schan_imp_send(schan_imp_session session, const void *buffer,
253
                                      SIZE_T *length) DECLSPEC_HIDDEN;
254
extern SECURITY_STATUS schan_imp_recv(schan_imp_session session, void *buffer,
255
                                      SIZE_T *length) DECLSPEC_HIDDEN;
256 257 258 259
extern BOOL schan_imp_allocate_certificate_credentials(schan_imp_certificate_credentials *c) DECLSPEC_HIDDEN;
extern void schan_imp_free_certificate_credentials(schan_imp_certificate_credentials c) DECLSPEC_HIDDEN;
extern BOOL schan_imp_init(void) DECLSPEC_HIDDEN;
extern void schan_imp_deinit(void) DECLSPEC_HIDDEN;
260 261


262
#endif /* ndef __SECUR32_PRIV_H__ */