FreeRDP
include/winpr/sspi.h
1 
20 #ifndef WINPR_SSPI_H
21 #define WINPR_SSPI_H
22 
23 #include <winpr/platform.h>
24 #include <winpr/winpr.h>
25 #include <winpr/wtypes.h>
26 #include <winpr/windows.h>
27 #include <winpr/security.h>
28 
29 #ifdef _WIN32
30 
31 #include <tchar.h>
32 #include <winerror.h>
33 
34 #define SECURITY_WIN32
35 #include <sspi.h>
36 #include <security.h>
37 
38 #endif /* _WIN32 */
39 
40 #if !defined(_WIN32) || defined(_UWP)
41 
42 #ifndef SEC_ENTRY
43 #define SEC_ENTRY
44 #endif /* SEC_ENTRY */
45 
46 typedef CHAR SEC_CHAR;
47 typedef WCHAR SEC_WCHAR;
48 
49 typedef struct
50 {
51  UINT32 LowPart;
52  INT32 HighPart;
53 } SECURITY_INTEGER;
54 
55 typedef SECURITY_INTEGER TimeStamp;
56 typedef SECURITY_INTEGER* PTimeStamp;
57 
58 WINPR_PRAGMA_DIAG_PUSH
59 WINPR_PRAGMA_DIAG_IGNORED_RESERVED_ID_MACRO
60 
61 #ifndef __SECSTATUS_DEFINED__
62 typedef LONG SECURITY_STATUS;
63 #define __SECSTATUS_DEFINED__
64 #endif /* __SECSTATUS_DEFINED__ */
65 
66 WINPR_PRAGMA_DIAG_POP
67 
68 typedef struct
69 {
70  UINT32 fCapabilities;
71  UINT16 wVersion;
72  UINT16 wRPCID;
73  UINT32 cbMaxToken;
74  SEC_CHAR* Name;
75  SEC_CHAR* Comment;
76 } SecPkgInfoA;
77 typedef SecPkgInfoA* PSecPkgInfoA;
78 
79 typedef struct
80 {
81  UINT32 fCapabilities;
82  UINT16 wVersion;
83  UINT16 wRPCID;
84  UINT32 cbMaxToken;
85  SEC_WCHAR* Name;
86  SEC_WCHAR* Comment;
87 } SecPkgInfoW;
88 typedef SecPkgInfoW* PSecPkgInfoW;
89 
90 #ifdef UNICODE
91 #define SecPkgInfo SecPkgInfoW
92 #define PSecPkgInfo PSecPkgInfoW
93 #else
94 #define SecPkgInfo SecPkgInfoA
95 #define PSecPkgInfo PSecPkgInfoA
96 #endif /* UNICODE */
97 
98 #endif /* !defined(_WIN32) || defined(_UWP) */
99 
100 #define NTLM_SSP_NAME _T("NTLM")
101 #define KERBEROS_SSP_NAME _T("Kerberos")
102 #define NEGO_SSP_NAME _T("Negotiate")
103 
104 #define SECPKG_ID_NONE 0xFFFF
105 
106 #define SECPKG_FLAG_INTEGRITY 0x00000001
107 #define SECPKG_FLAG_PRIVACY 0x00000002
108 #define SECPKG_FLAG_TOKEN_ONLY 0x00000004
109 #define SECPKG_FLAG_DATAGRAM 0x00000008
110 #define SECPKG_FLAG_CONNECTION 0x00000010
111 #define SECPKG_FLAG_MULTI_REQUIRED 0x00000020
112 #define SECPKG_FLAG_CLIENT_ONLY 0x00000040
113 #define SECPKG_FLAG_EXTENDED_ERROR 0x00000080
114 #define SECPKG_FLAG_IMPERSONATION 0x00000100
115 #define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200
116 #define SECPKG_FLAG_STREAM 0x00000400
117 #define SECPKG_FLAG_NEGOTIABLE 0x00000800
118 #define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000
119 #define SECPKG_FLAG_LOGON 0x00002000
120 #define SECPKG_FLAG_ASCII_BUFFERS 0x00004000
121 #define SECPKG_FLAG_FRAGMENT 0x00008000
122 #define SECPKG_FLAG_MUTUAL_AUTH 0x00010000
123 #define SECPKG_FLAG_DELEGATION 0x00020000
124 #define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000
125 #define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000
126 #define SECPKG_FLAG_NEGO_EXTENDER 0x00100000
127 #define SECPKG_FLAG_NEGOTIABLE2 0x00200000
128 
129 #ifndef _WINERROR_
130 
131 #define SEC_E_OK (SECURITY_STATUS)0x00000000L
132 #define SEC_E_INSUFFICIENT_MEMORY (SECURITY_STATUS)0x80090300L
133 #define SEC_E_INVALID_HANDLE (SECURITY_STATUS)0x80090301L
134 #define SEC_E_UNSUPPORTED_FUNCTION (SECURITY_STATUS)0x80090302L
135 #define SEC_E_TARGET_UNKNOWN (SECURITY_STATUS)0x80090303L
136 #define SEC_E_INTERNAL_ERROR (SECURITY_STATUS)0x80090304L
137 #define SEC_E_SECPKG_NOT_FOUND (SECURITY_STATUS)0x80090305L
138 #define SEC_E_NOT_OWNER (SECURITY_STATUS)0x80090306L
139 #define SEC_E_CANNOT_INSTALL (SECURITY_STATUS)0x80090307L
140 #define SEC_E_INVALID_TOKEN (SECURITY_STATUS)0x80090308L
141 #define SEC_E_CANNOT_PACK (SECURITY_STATUS)0x80090309L
142 #define SEC_E_QOP_NOT_SUPPORTED (SECURITY_STATUS)0x8009030AL
143 #define SEC_E_NO_IMPERSONATION (SECURITY_STATUS)0x8009030BL
144 #define SEC_E_LOGON_DENIED (SECURITY_STATUS)0x8009030CL
145 #define SEC_E_UNKNOWN_CREDENTIALS (SECURITY_STATUS)0x8009030DL
146 #define SEC_E_NO_CREDENTIALS (SECURITY_STATUS)0x8009030EL
147 #define SEC_E_MESSAGE_ALTERED (SECURITY_STATUS)0x8009030FL
148 #define SEC_E_OUT_OF_SEQUENCE (SECURITY_STATUS)0x80090310L
149 #define SEC_E_NO_AUTHENTICATING_AUTHORITY (SECURITY_STATUS)0x80090311L
150 #define SEC_E_BAD_PKGID (SECURITY_STATUS)0x80090316L
151 #define SEC_E_CONTEXT_EXPIRED (SECURITY_STATUS)0x80090317L
152 #define SEC_E_INCOMPLETE_MESSAGE (SECURITY_STATUS)0x80090318L
153 #define SEC_E_INCOMPLETE_CREDENTIALS (SECURITY_STATUS)0x80090320L
154 #define SEC_E_BUFFER_TOO_SMALL (SECURITY_STATUS)0x80090321L
155 #define SEC_E_WRONG_PRINCIPAL (SECURITY_STATUS)0x80090322L
156 #define SEC_E_TIME_SKEW (SECURITY_STATUS)0x80090324L
157 #define SEC_E_UNTRUSTED_ROOT (SECURITY_STATUS)0x80090325L
158 #define SEC_E_ILLEGAL_MESSAGE (SECURITY_STATUS)0x80090326L
159 #define SEC_E_CERT_UNKNOWN (SECURITY_STATUS)0x80090327L
160 #define SEC_E_CERT_EXPIRED (SECURITY_STATUS)0x80090328L
161 #define SEC_E_ENCRYPT_FAILURE (SECURITY_STATUS)0x80090329L
162 #define SEC_E_DECRYPT_FAILURE (SECURITY_STATUS)0x80090330L
163 #define SEC_E_ALGORITHM_MISMATCH (SECURITY_STATUS)0x80090331L
164 #define SEC_E_SECURITY_QOS_FAILED (SECURITY_STATUS)0x80090332L
165 #define SEC_E_UNFINISHED_CONTEXT_DELETED (SECURITY_STATUS)0x80090333L
166 #define SEC_E_NO_TGT_REPLY (SECURITY_STATUS)0x80090334L
167 #define SEC_E_NO_IP_ADDRESSES (SECURITY_STATUS)0x80090335L
168 #define SEC_E_WRONG_CREDENTIAL_HANDLE (SECURITY_STATUS)0x80090336L
169 #define SEC_E_CRYPTO_SYSTEM_INVALID (SECURITY_STATUS)0x80090337L
170 #define SEC_E_MAX_REFERRALS_EXCEEDED (SECURITY_STATUS)0x80090338L
171 #define SEC_E_MUST_BE_KDC (SECURITY_STATUS)0x80090339L
172 #define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED (SECURITY_STATUS)0x8009033AL
173 #define SEC_E_TOO_MANY_PRINCIPALS (SECURITY_STATUS)0x8009033BL
174 #define SEC_E_NO_PA_DATA (SECURITY_STATUS)0x8009033CL
175 #define SEC_E_PKINIT_NAME_MISMATCH (SECURITY_STATUS)0x8009033DL
176 #define SEC_E_SMARTCARD_LOGON_REQUIRED (SECURITY_STATUS)0x8009033EL
177 #define SEC_E_SHUTDOWN_IN_PROGRESS (SECURITY_STATUS)0x8009033FL
178 #define SEC_E_KDC_INVALID_REQUEST (SECURITY_STATUS)0x80090340L
179 #define SEC_E_KDC_UNABLE_TO_REFER (SECURITY_STATUS)0x80090341L
180 #define SEC_E_KDC_UNKNOWN_ETYPE (SECURITY_STATUS)0x80090342L
181 #define SEC_E_UNSUPPORTED_PREAUTH (SECURITY_STATUS)0x80090343L
182 #define SEC_E_DELEGATION_REQUIRED (SECURITY_STATUS)0x80090345L
183 #define SEC_E_BAD_BINDINGS (SECURITY_STATUS)0x80090346L
184 #define SEC_E_MULTIPLE_ACCOUNTS (SECURITY_STATUS)0x80090347L
185 #define SEC_E_NO_KERB_KEY (SECURITY_STATUS)0x80090348L
186 #define SEC_E_CERT_WRONG_USAGE (SECURITY_STATUS)0x80090349L
187 #define SEC_E_DOWNGRADE_DETECTED (SECURITY_STATUS)0x80090350L
188 #define SEC_E_SMARTCARD_CERT_REVOKED (SECURITY_STATUS)0x80090351L
189 #define SEC_E_ISSUING_CA_UNTRUSTED (SECURITY_STATUS)0x80090352L
190 #define SEC_E_REVOCATION_OFFLINE_C (SECURITY_STATUS)0x80090353L
191 #define SEC_E_PKINIT_CLIENT_FAILURE (SECURITY_STATUS)0x80090354L
192 #define SEC_E_SMARTCARD_CERT_EXPIRED (SECURITY_STATUS)0x80090355L
193 #define SEC_E_NO_S4U_PROT_SUPPORT (SECURITY_STATUS)0x80090356L
194 #define SEC_E_CROSSREALM_DELEGATION_FAILURE (SECURITY_STATUS)0x80090357L
195 #define SEC_E_REVOCATION_OFFLINE_KDC (SECURITY_STATUS)0x80090358L
196 #define SEC_E_ISSUING_CA_UNTRUSTED_KDC (SECURITY_STATUS)0x80090359L
197 #define SEC_E_KDC_CERT_EXPIRED (SECURITY_STATUS)0x8009035AL
198 #define SEC_E_KDC_CERT_REVOKED (SECURITY_STATUS)0x8009035BL
199 #define SEC_E_INVALID_PARAMETER (SECURITY_STATUS)0x8009035DL
200 #define SEC_E_DELEGATION_POLICY (SECURITY_STATUS)0x8009035EL
201 #define SEC_E_POLICY_NLTM_ONLY (SECURITY_STATUS)0x8009035FL
202 #define SEC_E_NO_CONTEXT (SECURITY_STATUS)0x80090361L
203 #define SEC_E_PKU2U_CERT_FAILURE (SECURITY_STATUS)0x80090362L
204 #define SEC_E_MUTUAL_AUTH_FAILED (SECURITY_STATUS)0x80090363L
205 
206 #define SEC_I_CONTINUE_NEEDED (SECURITY_STATUS)0x00090312L
207 #define SEC_I_COMPLETE_NEEDED (SECURITY_STATUS)0x00090313L
208 #define SEC_I_COMPLETE_AND_CONTINUE (SECURITY_STATUS)0x00090314L
209 #define SEC_I_LOCAL_LOGON (SECURITY_STATUS)0x00090315L
210 #define SEC_I_CONTEXT_EXPIRED (SECURITY_STATUS)0x00090317L
211 #define SEC_I_INCOMPLETE_CREDENTIALS (SECURITY_STATUS)0x00090320L
212 #define SEC_I_RENEGOTIATE (SECURITY_STATUS)0x00090321L
213 #define SEC_I_NO_LSA_CONTEXT (SECURITY_STATUS)0x00090323L
214 #define SEC_I_SIGNATURE_NEEDED (SECURITY_STATUS)0x0009035CL
215 #define SEC_I_NO_RENEGOTIATION (SECURITY_STATUS)0x00090360L
216 
217 #endif /* _WINERROR_ */
218 
219 /* ============== some definitions missing in mingw ========================*/
220 #ifndef SEC_E_INVALID_PARAMETER
221 #define SEC_E_INVALID_PARAMETER (SECURITY_STATUS)0x8009035DL
222 #endif
223 
224 #ifndef SEC_E_DELEGATION_POLICY
225 #define SEC_E_DELEGATION_POLICY (SECURITY_STATUS)0x8009035EL
226 #endif
227 
228 #ifndef SEC_E_POLICY_NLTM_ONLY
229 #define SEC_E_POLICY_NLTM_ONLY (SECURITY_STATUS)0x8009035FL
230 #endif
231 
232 #ifndef SEC_E_NO_CONTEXT
233 #define SEC_E_NO_CONTEXT (SECURITY_STATUS)0x80090361L
234 #endif
235 
236 #ifndef SEC_E_PKU2U_CERT_FAILURE
237 #define SEC_E_PKU2U_CERT_FAILURE (SECURITY_STATUS)0x80090362L
238 #endif
239 
240 #ifndef SEC_E_MUTUAL_AUTH_FAILED
241 #define SEC_E_MUTUAL_AUTH_FAILED (SECURITY_STATUS)0x80090363L
242 #endif
243 
244 #ifndef SEC_I_SIGNATURE_NEEDED
245 #define SEC_I_SIGNATURE_NEEDED (SECURITY_STATUS)0x0009035CL
246 #endif
247 
248 #ifndef SEC_I_NO_RENEGOTIATION
249 #define SEC_I_NO_RENEGOTIATION (SECURITY_STATUS)0x00090360L
250 #endif
251 
252 /* ==================================================================================== */
253 
254 #define SECURITY_NATIVE_DREP 0x00000010
255 #define SECURITY_NETWORK_DREP 0x00000000
256 
257 #define SECPKG_CRED_INBOUND 0x00000001
258 #define SECPKG_CRED_OUTBOUND 0x00000002
259 #define SECPKG_CRED_BOTH 0x00000003
260 #define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010
261 #define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020
262 
263 /* Security Context Attributes */
264 
265 #define SECPKG_ATTR_SIZES 0
266 #define SECPKG_ATTR_NAMES 1
267 #define SECPKG_ATTR_LIFESPAN 2
268 #define SECPKG_ATTR_DCE_INFO 3
269 #define SECPKG_ATTR_STREAM_SIZES 4
270 #define SECPKG_ATTR_KEY_INFO 5
271 #define SECPKG_ATTR_AUTHORITY 6
272 #define SECPKG_ATTR_PROTO_INFO 7
273 #define SECPKG_ATTR_PASSWORD_EXPIRY 8
274 #define SECPKG_ATTR_SESSION_KEY 9
275 #define SECPKG_ATTR_PACKAGE_INFO 10
276 #define SECPKG_ATTR_USER_FLAGS 11
277 #define SECPKG_ATTR_NEGOTIATION_INFO 12
278 #define SECPKG_ATTR_NATIVE_NAMES 13
279 #define SECPKG_ATTR_FLAGS 14
280 #define SECPKG_ATTR_USE_VALIDATED 15
281 #define SECPKG_ATTR_CREDENTIAL_NAME 16
282 #define SECPKG_ATTR_TARGET_INFORMATION 17
283 #define SECPKG_ATTR_ACCESS_TOKEN 18
284 #define SECPKG_ATTR_TARGET 19
285 #define SECPKG_ATTR_AUTHENTICATION_ID 20
286 #define SECPKG_ATTR_LOGOFF_TIME 21
287 #define SECPKG_ATTR_NEGO_KEYS 22
288 #define SECPKG_ATTR_PROMPTING_NEEDED 24
289 #define SECPKG_ATTR_UNIQUE_BINDINGS 25
290 #define SECPKG_ATTR_ENDPOINT_BINDINGS 26
291 #define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27
292 #define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30
293 #define SECPKG_ATTR_NEGO_PKG_INFO 31
294 #define SECPKG_ATTR_NEGO_STATUS 32
295 #define SECPKG_ATTR_CONTEXT_DELETED 33
296 
297 #if !defined(_WIN32) || defined(_UWP)
298 
299 typedef struct
300 {
301  void* AccessToken;
302 } SecPkgContext_AccessToken;
303 
304 typedef struct
305 {
306  UINT32 dwFlags;
307  UINT32 cbAppData;
308  BYTE* pbAppData;
309 } SecPkgContext_SessionAppData;
310 
311 typedef struct
312 {
313  char* sAuthorityName;
314 } SecPkgContext_Authority;
315 
316 typedef struct
317 {
318  char* sTargetName;
319 } SecPkgContext_ClientSpecifiedTarget;
320 
321 typedef UINT32 ALG_ID;
322 
323 typedef struct
324 {
325  UINT32 dwProtocol;
326  ALG_ID aiCipher;
327  UINT32 dwCipherStrength;
328  ALG_ID aiHash;
329  UINT32 dwHashStrength;
330  ALG_ID aiExch;
331  UINT32 dwExchStrength;
332 } SecPkgContext_ConnectionInfo;
333 
334 typedef struct
335 {
336  UINT32 AuthBufferLen;
337  BYTE* AuthBuffer;
338 } SecPkgContext_ClientCreds;
339 
340 typedef struct
341 {
342  UINT32 AuthzSvc;
343  void* pPac;
344 } SecPkgContex_DceInfo;
345 
346 typedef struct
347 {
348  UINT32 dwInitiatorAddrType;
349  UINT32 cbInitiatorLength;
350  UINT32 dwInitiatorOffset;
351  UINT32 dwAcceptorAddrType;
352  UINT32 cbAcceptorLength;
353  UINT32 dwAcceptorOffset;
354  UINT32 cbApplicationDataLength;
355  UINT32 dwApplicationDataOffset;
356 } SEC_CHANNEL_BINDINGS;
357 
358 typedef struct
359 {
360  BYTE rgbKeys[128];
361  BYTE rgbIVs[64];
362 } SecPkgContext_EapKeyBlock;
363 
364 typedef struct
365 {
366  UINT32 Flags;
367 } SecPkgContext_Flags;
368 
369 typedef struct
370 {
371  char* sSignatureAlgorithmName;
372  char* sEncryptAlgorithmName;
373  UINT32 KeySize;
374  UINT32 SignatureAlgorithm;
375  UINT32 EncryptAlgorithm;
376 } SecPkgContext_KeyInfo;
377 
378 typedef struct
379 {
380  TimeStamp tsStart;
381  TimeStamp tsExpiry;
382 } SecPkgContext_Lifespan;
383 
384 typedef struct
385 {
386  char* sUserName;
387 } SecPkgContext_Names;
388 
389 typedef struct
390 {
391  char* sClientName;
392  char* sServerName;
393 } SecPkgContext_NativeNames;
394 
395 typedef struct
396 {
397  SecPkgInfo* PackageInfo;
398  UINT32 NegotiationState;
399 } SecPkgContext_NegotiationInfo;
400 
401 typedef struct
402 {
403  SecPkgInfo* PackageInfo;
404 } SecPkgContext_PackageInfo;
405 
406 typedef struct
407 {
408  TimeStamp tsPasswordExpires;
409 } SecPkgContext_PasswordExpiry;
410 
411 typedef struct
412 {
413  UINT32 SessionKeyLength;
414  BYTE* SessionKey;
415 } SecPkgContext_SessionKey;
416 
417 typedef struct
418 {
419  UINT32 dwFlags;
420  UINT32 cbSessionId;
421  BYTE rgbSessionId[32];
422 } SecPkgContext_SessionInfo;
423 
424 typedef struct
425 {
426  UINT32 cbMaxToken;
427  UINT32 cbMaxSignature;
428  UINT32 cbBlockSize;
429  UINT32 cbSecurityTrailer;
430 } SecPkgContext_Sizes;
431 
432 typedef struct
433 {
434  UINT32 cbHeader;
435  UINT32 cbTrailer;
436  UINT32 cbMaximumMessage;
437  UINT32 cBuffers;
438  UINT32 cbBlockSize;
439 } SecPkgContext_StreamSizes;
440 
441 typedef struct
442 {
443  void* AttributeInfo;
444 } SecPkgContext_SubjectAttributes;
445 
446 typedef struct
447 {
448  UINT16 cSignatureAndHashAlgorithms;
449  UINT16* pSignatureAndHashAlgorithms;
450 } SecPkgContext_SupportedSignatures;
451 
452 typedef struct
453 {
454  UINT32 MarshalledTargetInfoLength;
455  BYTE* MarshalledTargetInfo;
456 } SecPkgContext_TargetInformation;
457 
458 /* Security Credentials Attributes */
459 
460 #define SECPKG_CRED_ATTR_NAMES 1
461 #define SECPKG_CRED_ATTR_SSI_PROVIDER 2
462 #define SECPKG_CRED_ATTR_CERT 4
463 #define SECPKG_CRED_ATTR_PAC_BYPASS 5
464 
465 typedef struct
466 {
467  SEC_CHAR* sUserName;
468 } SecPkgCredentials_NamesA;
469 typedef SecPkgCredentials_NamesA* PSecPkgCredentials_NamesA;
470 
471 typedef struct
472 {
473  SEC_WCHAR* sUserName;
474 } SecPkgCredentials_NamesW;
475 typedef SecPkgCredentials_NamesW* PSecPkgCredentials_NamesW;
476 
477 #ifdef UNICODE
478 #define SecPkgCredentials_Names SecPkgCredentials_NamesW
479 #define PSecPkgCredentials_Names PSecPkgCredentials_NamesW
480 #else
481 #define SecPkgCredentials_Names SecPkgCredentials_NamesA
482 #define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
483 #endif
484 
485 typedef struct
486 {
487  SEC_WCHAR* sProviderName;
488  unsigned long ProviderInfoLength;
489  char* ProviderInfo;
490 } SecPkgCredentials_SSIProviderW, *PSecPkgCredentials_SSIProviderW;
491 
492 typedef struct
493 {
494  SEC_CHAR* sProviderName;
495  unsigned long ProviderInfoLength;
496  char* ProviderInfo;
497 } SecPkgCredentials_SSIProviderA, *PSecPkgCredentials_SSIProviderA;
498 
499 #ifdef UNICODE
500 #define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderW
501 #define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderW
502 #else
503 #define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderA
504 #define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderA
505 #endif
506 
507 typedef struct
508 {
509  unsigned long EncodedCertSize;
510  unsigned char* EncodedCert;
511 } SecPkgCredentials_Cert, *PSecPkgCredentials_Cert;
512 
513 #endif /* !defined(_WIN32) || defined(_UWP) */
514 
515 #if !defined(_WIN32) || defined(_UWP) || (defined(__MINGW32__) && (__MINGW64_VERSION_MAJOR <= 8))
516 
517 #define SECPKG_CRED_ATTR_KDC_PROXY_SETTINGS 3
518 
519 #define KDC_PROXY_SETTINGS_V1 1
520 #define KDC_PROXY_SETTINGS_FLAGS_FORCEPROXY 0x1
521 
522 typedef struct
523 {
524  ULONG Version;
525  ULONG Flags;
526  USHORT ProxyServerOffset;
527  USHORT ProxyServerLength;
528  USHORT ClientTlsCredOffset;
529  USHORT ClientTlsCredLength;
530 } SecPkgCredentials_KdcProxySettingsW, *PSecPkgCredentials_KdcProxySettingsW;
531 
532 typedef struct
533 {
534  ULONG Version;
535  ULONG Flags;
536  USHORT ProxyServerOffset;
537  USHORT ProxyServerLength;
538  USHORT ClientTlsCredOffset;
539  USHORT ClientTlsCredLength;
540 } SecPkgCredentials_KdcProxySettingsA, *PSecPkgCredentials_KdcProxySettingsA;
541 
542 #ifdef UNICODE
543 #define SecPkgCredentials_KdcProxySettings SecPkgCredentials_KdcProxySettingsW
544 #define PSecPkgCredentials_KdcProxySettings PSecPkgCredentials_KdcProxySettingsW
545 #else
546 #define SecPkgCredentials_KdcProxySettings SecPkgCredentials_KdcProxySettingsA
547 #define PSecPkgCredentials_KdcProxySettings SecPkgCredentials_KdcProxySettingsA
548 #endif
549 
550 typedef struct
551 {
552  UINT32 BindingsLength;
553  SEC_CHANNEL_BINDINGS* Bindings;
554 } SecPkgContext_Bindings;
555 #endif
556 
557 /* InitializeSecurityContext Flags */
558 
559 #define ISC_REQ_DELEGATE 0x00000001
560 #define ISC_REQ_MUTUAL_AUTH 0x00000002
561 #define ISC_REQ_REPLAY_DETECT 0x00000004
562 #define ISC_REQ_SEQUENCE_DETECT 0x00000008
563 #define ISC_REQ_CONFIDENTIALITY 0x00000010
564 #define ISC_REQ_USE_SESSION_KEY 0x00000020
565 #define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
566 #define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
567 #define ISC_REQ_ALLOCATE_MEMORY 0x00000100
568 #define ISC_REQ_USE_DCE_STYLE 0x00000200
569 #define ISC_REQ_DATAGRAM 0x00000400
570 #define ISC_REQ_CONNECTION 0x00000800
571 #define ISC_REQ_CALL_LEVEL 0x00001000
572 #define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
573 #define ISC_REQ_EXTENDED_ERROR 0x00004000
574 #define ISC_REQ_STREAM 0x00008000
575 #define ISC_REQ_INTEGRITY 0x00010000
576 #define ISC_REQ_IDENTIFY 0x00020000
577 #define ISC_REQ_NULL_SESSION 0x00040000
578 #define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
579 #define ISC_REQ_RESERVED1 0x00100000
580 #define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
581 #define ISC_REQ_FORWARD_CREDENTIALS 0x00400000
582 #define ISC_REQ_NO_INTEGRITY 0x00800000
583 #define ISC_REQ_USE_HTTP_STYLE 0x01000000
584 
585 #define ISC_RET_DELEGATE 0x00000001
586 #define ISC_RET_MUTUAL_AUTH 0x00000002
587 #define ISC_RET_REPLAY_DETECT 0x00000004
588 #define ISC_RET_SEQUENCE_DETECT 0x00000008
589 #define ISC_RET_CONFIDENTIALITY 0x00000010
590 #define ISC_RET_USE_SESSION_KEY 0x00000020
591 #define ISC_RET_USED_COLLECTED_CREDS 0x00000040
592 #define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
593 #define ISC_RET_ALLOCATED_MEMORY 0x00000100
594 #define ISC_RET_USED_DCE_STYLE 0x00000200
595 #define ISC_RET_DATAGRAM 0x00000400
596 #define ISC_RET_CONNECTION 0x00000800
597 #define ISC_RET_INTERMEDIATE_RETURN 0x00001000
598 #define ISC_RET_CALL_LEVEL 0x00002000
599 #define ISC_RET_EXTENDED_ERROR 0x00004000
600 #define ISC_RET_STREAM 0x00008000
601 #define ISC_RET_INTEGRITY 0x00010000
602 #define ISC_RET_IDENTIFY 0x00020000
603 #define ISC_RET_NULL_SESSION 0x00040000
604 #define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
605 #define ISC_RET_RESERVED1 0x00100000
606 #define ISC_RET_FRAGMENT_ONLY 0x00200000
607 #define ISC_RET_FORWARD_CREDENTIALS 0x00400000
608 #define ISC_RET_USED_HTTP_STYLE 0x01000000
609 
610 /* AcceptSecurityContext Flags */
611 
612 #define ASC_REQ_DELEGATE 0x00000001
613 #define ASC_REQ_MUTUAL_AUTH 0x00000002
614 #define ASC_REQ_REPLAY_DETECT 0x00000004
615 #define ASC_REQ_SEQUENCE_DETECT 0x00000008
616 #define ASC_REQ_CONFIDENTIALITY 0x00000010
617 #define ASC_REQ_USE_SESSION_KEY 0x00000020
618 #define ASC_REQ_ALLOCATE_MEMORY 0x00000100
619 #define ASC_REQ_USE_DCE_STYLE 0x00000200
620 #define ASC_REQ_DATAGRAM 0x00000400
621 #define ASC_REQ_CONNECTION 0x00000800
622 #define ASC_REQ_CALL_LEVEL 0x00001000
623 #define ASC_REQ_EXTENDED_ERROR 0x00008000
624 #define ASC_REQ_STREAM 0x00010000
625 #define ASC_REQ_INTEGRITY 0x00020000
626 #define ASC_REQ_LICENSING 0x00040000
627 #define ASC_REQ_IDENTIFY 0x00080000
628 #define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
629 #define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
630 #define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
631 #define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
632 #define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
633 #define ASC_REQ_NO_TOKEN 0x01000000
634 #define ASC_REQ_PROXY_BINDINGS 0x04000000
635 #define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000
636 
637 #define ASC_RET_DELEGATE 0x00000001
638 #define ASC_RET_MUTUAL_AUTH 0x00000002
639 #define ASC_RET_REPLAY_DETECT 0x00000004
640 #define ASC_RET_SEQUENCE_DETECT 0x00000008
641 #define ASC_RET_CONFIDENTIALITY 0x00000010
642 #define ASC_RET_USE_SESSION_KEY 0x00000020
643 #define ASC_RET_ALLOCATED_MEMORY 0x00000100
644 #define ASC_RET_USED_DCE_STYLE 0x00000200
645 #define ASC_RET_DATAGRAM 0x00000400
646 #define ASC_RET_CONNECTION 0x00000800
647 #define ASC_RET_CALL_LEVEL 0x00002000
648 #define ASC_RET_THIRD_LEG_FAILED 0x00004000
649 #define ASC_RET_EXTENDED_ERROR 0x00008000
650 #define ASC_RET_STREAM 0x00010000
651 #define ASC_RET_INTEGRITY 0x00020000
652 #define ASC_RET_LICENSING 0x00040000
653 #define ASC_RET_IDENTIFY 0x00080000
654 #define ASC_RET_NULL_SESSION 0x00100000
655 #define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
656 #define ASC_RET_FRAGMENT_ONLY 0x00800000
657 #define ASC_RET_NO_TOKEN 0x01000000
658 #define ASC_RET_NO_PROXY_BINDINGS 0x04000000
659 #define ASC_RET_MISSING_BINDINGS 0x10000000
660 
661 #define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
662 #define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
663 #define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4
664 #define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8
665 #define SEC_WINNT_AUTH_IDENTITY_EXTENDED 0x100
666 
667 #if !defined(_WIN32) || defined(_UWP) || defined(__MINGW32__)
668 
669 WINPR_PRAGMA_DIAG_PUSH
670 WINPR_PRAGMA_DIAG_IGNORED_RESERVED_ID_MACRO
671 
672 #ifndef _AUTH_IDENTITY_DEFINED
673 #define _AUTH_IDENTITY_DEFINED
674 
675 typedef struct
676 {
677  UINT16* User;
678  ULONG UserLength;
679  UINT16* Domain;
680  ULONG DomainLength;
681  UINT16* Password;
682  ULONG PasswordLength;
683  UINT32 Flags;
684 } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
685 
686 typedef struct
687 {
688  BYTE* User;
689  ULONG UserLength;
690  BYTE* Domain;
691  ULONG DomainLength;
692  BYTE* Password;
693  ULONG PasswordLength;
694  UINT32 Flags;
695 } SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;
696 
697 // Always define SEC_WINNT_AUTH_IDENTITY to SEC_WINNT_AUTH_IDENTITY_W
698 
699 #ifdef UNICODE
700 #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W
701 #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W
702 #else
703 #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W
704 #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W
705 #endif
706 
707 #endif /* _AUTH_IDENTITY_DEFINED */
708 
709 #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
710 #define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
711 
712 typedef struct
713 {
714  UINT32 Version;
715  UINT32 Length;
716  UINT16* User;
717  UINT32 UserLength;
718  UINT16* Domain;
719  UINT32 DomainLength;
720  UINT16* Password;
721  UINT32 PasswordLength;
722  UINT32 Flags;
723  UINT16* PackageList;
724  UINT32 PackageListLength;
725 } SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
726 
727 typedef struct
728 {
729  UINT32 Version;
730  UINT32 Length;
731  BYTE* User;
732  UINT32 UserLength;
733  BYTE* Domain;
734  UINT32 DomainLength;
735  BYTE* Password;
736  UINT32 PasswordLength;
737  UINT32 Flags;
738  BYTE* PackageList;
739  UINT32 PackageListLength;
740 } SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA;
741 
742 #ifdef UNICODE
743 #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW
744 #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW
745 #else
746 #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
747 #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXA
748 #endif
749 
750 #endif /* SEC_WINNT_AUTH_IDENTITY_VERSION */
751 
752 #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION_2
753 #define SEC_WINNT_AUTH_IDENTITY_VERSION_2 0x201
754 
755 typedef struct
756 {
757  UINT32 Version;
758  UINT16 cbHeaderLength;
759  UINT32 cbStructureLength;
760  UINT32 UserOffset;
761  UINT16 UserLength;
762  UINT32 DomainOffset;
763  UINT16 DomainLength;
764  UINT32 PackedCredentialsOffset;
765  UINT16 PackedCredentialsLength;
766  UINT32 Flags;
767  UINT32 PackageListOffset;
768  UINT16 PackageListLength;
769 } SEC_WINNT_AUTH_IDENTITY_EX2, *PSEC_WINNT_AUTH_IDENTITY_EX2;
770 
771 #endif /* SEC_WINNT_AUTH_IDENTITY_VERSION_2 */
772 
773 #ifndef _AUTH_IDENTITY_INFO_DEFINED
774 #define _AUTH_IDENTITY_INFO_DEFINED
775 
776 // https://docs.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-sec_winnt_auth_identity_info
777 
778 typedef union
779 {
780  SEC_WINNT_AUTH_IDENTITY_EXW AuthIdExw;
781  SEC_WINNT_AUTH_IDENTITY_EXA AuthIdExa;
782  SEC_WINNT_AUTH_IDENTITY_A AuthId_a;
783  SEC_WINNT_AUTH_IDENTITY_W AuthId_w;
784  SEC_WINNT_AUTH_IDENTITY_EX2 AuthIdEx2;
785 } SEC_WINNT_AUTH_IDENTITY_INFO, *PSEC_WINNT_AUTH_IDENTITY_INFO;
786 
787 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_PROCESS_ENCRYPTED 0x10
788 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SYSTEM_PROTECTED 0x20
789 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_USER_PROTECTED 0x40
790 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SYSTEM_ENCRYPTED 0x80
791 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_RESERVED 0x10000
792 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_NULL_USER 0x20000
793 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_NULL_DOMAIN 0x40000
794 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_ID_PROVIDER 0x80000
795 
796 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_USE_MASK 0xFF000000
797 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_CREDPROV_DO_NOT_SAVE 0x80000000
798 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_CHECKED 0x40000000
799 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_NO_CHECKBOX 0x20000000
800 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_CREDPROV_DO_NOT_LOAD 0x10000000
801 
802 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_VALID_SSPIPFC_FLAGS \
803  (SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_CREDPROV_DO_NOT_SAVE | \
804  SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_CHECKED | \
805  SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_NO_CHECKBOX | \
806  SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_CREDPROV_DO_NOT_LOAD)
807 
808 #endif /* _AUTH_IDENTITY_INFO_DEFINED */
809 
810 WINPR_PRAGMA_DIAG_POP
811 
812 #if !defined(__MINGW32__)
813 typedef struct
814 {
815  ULONG_PTR dwLower;
816  ULONG_PTR dwUpper;
817 } SecHandle;
818 typedef SecHandle* PSecHandle;
819 
820 typedef SecHandle CredHandle;
821 typedef CredHandle* PCredHandle;
822 typedef SecHandle CtxtHandle;
823 typedef CtxtHandle* PCtxtHandle;
824 
825 #define SecInvalidateHandle(x) \
826  ((PSecHandle)(x))->dwLower = ((PSecHandle)(x))->dwUpper = ((ULONG_PTR)((INT_PTR)-1))
827 
828 #define SecIsValidHandle(x) \
829  ((((PSecHandle)(x))->dwLower != ((ULONG_PTR)((INT_PTR)-1))) && \
830  (((PSecHandle)(x))->dwUpper != ((ULONG_PTR)((INT_PTR)-1))))
831 
832 typedef struct
833 {
834  ULONG cbBuffer;
835  ULONG BufferType;
836  void* pvBuffer;
837 } SecBuffer;
838 typedef SecBuffer* PSecBuffer;
839 
840 typedef struct
841 {
842  ULONG ulVersion;
843  ULONG cBuffers;
844  PSecBuffer pBuffers;
845 } SecBufferDesc;
846 typedef SecBufferDesc* PSecBufferDesc;
847 
848 #endif /* __MINGW32__ */
849 
850 #endif /* !defined(_WIN32) || defined(_UWP) || defined(__MINGW32__) */
851 
852 typedef SECURITY_STATUS (*psSspiNtlmHashCallback)(void* client,
853  const SEC_WINNT_AUTH_IDENTITY* authIdentity,
854  const SecBuffer* ntproofvalue,
855  const BYTE* randkey, const BYTE* mic,
856  const SecBuffer* micvalue, BYTE* ntlmhash);
857 
858 typedef struct
859 {
860  char* samFile;
861  psSspiNtlmHashCallback hashCallback;
862  void* hashCallbackArg;
863 } SEC_WINPR_NTLM_SETTINGS;
864 
865 typedef struct
866 {
867  char* kdcUrl;
868  char* keytab;
869  char* cache;
870  char* armorCache;
871  char* pkinitX509Anchors;
872  char* pkinitX509Identity;
873  BOOL withPac;
874  INT32 startTime;
875  INT32 renewLifeTime;
876  INT32 lifeTime;
877  BYTE certSha1[20];
878 } SEC_WINPR_KERBEROS_SETTINGS;
879 
880 typedef struct
881 {
882  SEC_WINNT_AUTH_IDENTITY_EXW identity;
883  SEC_WINPR_NTLM_SETTINGS* ntlmSettings;
884  SEC_WINPR_KERBEROS_SETTINGS* kerberosSettings;
885 } SEC_WINNT_AUTH_IDENTITY_WINPR;
886 
887 #define SECBUFFER_VERSION 0
888 
889 /* Buffer Types */
890 #define SECBUFFER_EMPTY 0
891 #define SECBUFFER_DATA 1
892 #define SECBUFFER_TOKEN 2
893 #define SECBUFFER_PKG_PARAMS 3
894 #define SECBUFFER_MISSING 4
895 #define SECBUFFER_EXTRA 5
896 #define SECBUFFER_STREAM_TRAILER 6
897 #define SECBUFFER_STREAM_HEADER 7
898 #define SECBUFFER_NEGOTIATION_INFO 8
899 #define SECBUFFER_PADDING 9
900 #define SECBUFFER_STREAM 10
901 #define SECBUFFER_MECHLIST 11
902 #define SECBUFFER_MECHLIST_SIGNATURE 12
903 #define SECBUFFER_TARGET 13
904 #define SECBUFFER_CHANNEL_BINDINGS 14
905 #define SECBUFFER_CHANGE_PASS_RESPONSE 15
906 #define SECBUFFER_TARGET_HOST 16
907 #define SECBUFFER_ALERT 17
908 
909 /* Security Buffer Flags */
910 #define SECBUFFER_ATTRMASK 0xF0000000
911 #define SECBUFFER_READONLY 0x80000000
912 #define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000
913 #define SECBUFFER_RESERVED 0x60000000
914 
915 #if !defined(_WIN32) || defined(_UWP)
916 
917 typedef void(SEC_ENTRY* SEC_GET_KEY_FN)(void* Arg, void* Principal, UINT32 KeyVer, void** Key,
918  SECURITY_STATUS* pStatus);
919 
920 typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_A)(ULONG* pcPackages,
921  PSecPkgInfoA* ppPackageInfo);
922 typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_W)(ULONG* pcPackages,
923  PSecPkgInfoW* ppPackageInfo);
924 
925 #ifdef UNICODE
926 #define EnumerateSecurityPackages EnumerateSecurityPackagesW
927 #define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W
928 #else
929 #define EnumerateSecurityPackages EnumerateSecurityPackagesA
930 #define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
931 #endif
932 
933 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential,
934  ULONG ulAttribute,
935  void* pBuffer);
936 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential,
937  ULONG ulAttribute,
938  void* pBuffer);
939 
940 #ifdef UNICODE
941 #define QueryCredentialsAttributes QueryCredentialsAttributesW
942 #define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W
943 #else
944 #define QueryCredentialsAttributes QueryCredentialsAttributesA
945 #define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
946 #endif
947 
948 typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_A)(
949  LPSTR pszPrincipal, LPSTR pszPackage, ULONG fCredentialUse, void* pvLogonID, void* pAuthData,
950  SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
951  PTimeStamp ptsExpiry);
952 typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
953  LPWSTR pszPrincipal, LPWSTR pszPackage, ULONG fCredentialUse, void* pvLogonID, void* pAuthData,
954  SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
955  PTimeStamp ptsExpiry);
956 
957 #ifdef UNICODE
958 #define AcquireCredentialsHandle AcquireCredentialsHandleW
959 #define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W
960 #else
961 #define AcquireCredentialsHandle AcquireCredentialsHandleA
962 #define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
963 #endif
964 
965 typedef SECURITY_STATUS(SEC_ENTRY* FREE_CREDENTIALS_HANDLE_FN)(PCredHandle phCredential);
966 
967 typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_A)(
968  PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
969  ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
970  PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
971 typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_W)(
972  PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq,
973  ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
974  PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
975 
976 #ifdef UNICODE
977 #define InitializeSecurityContext InitializeSecurityContextW
978 #define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W
979 #else
980 #define InitializeSecurityContext InitializeSecurityContextA
981 #define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
982 #endif
983 
984 typedef SECURITY_STATUS(SEC_ENTRY* ACCEPT_SECURITY_CONTEXT_FN)(
985  PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq,
986  ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr,
987  PTimeStamp ptsTimeStamp);
988 
989 typedef SECURITY_STATUS(SEC_ENTRY* COMPLETE_AUTH_TOKEN_FN)(PCtxtHandle phContext,
990  PSecBufferDesc pToken);
991 
992 typedef SECURITY_STATUS(SEC_ENTRY* DELETE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
993 
994 typedef SECURITY_STATUS(SEC_ENTRY* APPLY_CONTROL_TOKEN_FN)(PCtxtHandle phContext,
995  PSecBufferDesc pInput);
996 
997 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext,
998  ULONG ulAttribute, void* pBuffer);
999 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext,
1000  ULONG ulAttribute, void* pBuffer);
1001 
1002 #ifdef UNICODE
1003 #define QueryContextAttributes QueryContextAttributesW
1004 #define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W
1005 #else
1006 #define QueryContextAttributes QueryContextAttributesA
1007 #define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
1008 #endif
1009 
1010 typedef SECURITY_STATUS(SEC_ENTRY* IMPERSONATE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
1011 
1012 typedef SECURITY_STATUS(SEC_ENTRY* REVERT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
1013 
1014 typedef SECURITY_STATUS(SEC_ENTRY* MAKE_SIGNATURE_FN)(PCtxtHandle phContext, ULONG fQOP,
1015  PSecBufferDesc pMessage, ULONG MessageSeqNo);
1016 
1017 typedef SECURITY_STATUS(SEC_ENTRY* VERIFY_SIGNATURE_FN)(PCtxtHandle phContext,
1018  PSecBufferDesc pMessage, ULONG MessageSeqNo,
1019  PULONG pfQOP);
1020 
1021 typedef SECURITY_STATUS(SEC_ENTRY* FREE_CONTEXT_BUFFER_FN)(void* pvContextBuffer);
1022 
1023 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_A)(SEC_CHAR* pszPackageName,
1024  PSecPkgInfoA* ppPackageInfo);
1025 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR* pszPackageName,
1026  PSecPkgInfoW* ppPackageInfo);
1027 
1028 #ifdef UNICODE
1029 #define QuerySecurityPackageInfo QuerySecurityPackageInfoW
1030 #define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W
1031 #else
1032 #define QuerySecurityPackageInfo QuerySecurityPackageInfoA
1033 #define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
1034 #endif
1035 
1036 typedef SECURITY_STATUS(SEC_ENTRY* EXPORT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext, ULONG fFlags,
1037  PSecBuffer pPackedContext,
1038  HANDLE* pToken);
1039 
1040 typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_A)(SEC_CHAR* pszPackage,
1041  PSecBuffer pPackedContext,
1042  HANDLE pToken,
1043  PCtxtHandle phContext);
1044 typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* pszPackage,
1045  PSecBuffer pPackedContext,
1046  HANDLE pToken,
1047  PCtxtHandle phContext);
1048 
1049 #ifdef UNICODE
1050 #define ImportSecurityContext ImportSecurityContextW
1051 #define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W
1052 #else
1053 #define ImportSecurityContext ImportSecurityContextA
1054 #define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
1055 #endif
1056 
1057 typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_A)(
1058  PCredHandle hCredentials, SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, UINT32 fCredentialUse,
1059  void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);
1060 typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_W)(
1061  PCredHandle hCredentials, SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, UINT32 fCredentialUse,
1062  void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);
1063 
1064 #ifdef UNICODE
1065 #define AddCredentials AddCredentialsW
1066 #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
1067 #else
1068 #define AddCredentials AddCredentialsA
1069 #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
1070 #endif
1071 
1072 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_CONTEXT_TOKEN_FN)(PCtxtHandle phContext,
1073  HANDLE* phToken);
1074 
1075 typedef SECURITY_STATUS(SEC_ENTRY* ENCRYPT_MESSAGE_FN)(PCtxtHandle phContext, ULONG fQOP,
1076  PSecBufferDesc pMessage, ULONG MessageSeqNo);
1077 
1078 typedef SECURITY_STATUS(SEC_ENTRY* DECRYPT_MESSAGE_FN)(PCtxtHandle phContext,
1079  PSecBufferDesc pMessage, ULONG MessageSeqNo,
1080  PULONG pfQOP);
1081 
1082 typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext,
1083  ULONG ulAttribute, void* pBuffer,
1084  ULONG cbBuffer);
1085 typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext,
1086  ULONG ulAttribute, void* pBuffer,
1087  ULONG cbBuffer);
1088 
1089 #ifdef UNICODE
1090 #define SetContextAttributes SetContextAttributesW
1091 #define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W
1092 #else
1093 #define SetContextAttributes SetContextAttributesA
1094 #define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
1095 #endif
1096 
1097 typedef SECURITY_STATUS(SEC_ENTRY* SET_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential,
1098  ULONG ulAttribute,
1099  void* pBuffer, ULONG cbBuffer);
1100 
1101 typedef SECURITY_STATUS(SEC_ENTRY* SET_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential,
1102  ULONG ulAttribute,
1103  void* pBuffer, ULONG cbBuffer);
1104 
1105 #ifdef UNICODE
1106 #define SetCredentialsAttributes SetCredentialsAttributesW
1107 #define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_W
1108 #else
1109 #define SetCredentialsAttributes SetCredentialsAttributesA
1110 #define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_A
1111 #endif
1112 
1113 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION \
1114  1 /* Interface has all routines through DecryptMessage */
1115 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 \
1116  2 /* Interface has all routines through SetContextAttributes */
1117 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 \
1118  3 /* Interface has all routines through SetCredentialsAttributes */
1119 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 \
1120  4 /* Interface has all routines through ChangeAccountPassword */
1121 
1122 typedef struct
1123 {
1124  UINT32 dwVersion;
1125  ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
1126  QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
1127  ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
1128  FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
1129  void* Reserved2;
1130  INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
1131  ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
1132  COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
1133  DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
1134  APPLY_CONTROL_TOKEN_FN ApplyControlToken;
1135  QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
1136  IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
1137  REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
1138  MAKE_SIGNATURE_FN MakeSignature;
1139  VERIFY_SIGNATURE_FN VerifySignature;
1140  FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
1141  QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
1142  void* Reserved3;
1143  void* Reserved4;
1144  EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
1145  IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
1146  ADD_CREDENTIALS_FN_A AddCredentialsA;
1147  void* Reserved8;
1148  QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
1149  ENCRYPT_MESSAGE_FN EncryptMessage;
1150  DECRYPT_MESSAGE_FN DecryptMessage;
1151  SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
1152  SET_CREDENTIALS_ATTRIBUTES_FN_A SetCredentialsAttributesA;
1153 } SecurityFunctionTableA;
1154 typedef SecurityFunctionTableA* PSecurityFunctionTableA;
1155 
1156 typedef struct
1157 {
1158  UINT32 dwVersion;
1159  ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
1160  QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
1161  ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
1162  FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
1163  void* Reserved2;
1164  INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
1165  ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
1166  COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
1167  DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
1168  APPLY_CONTROL_TOKEN_FN ApplyControlToken;
1169  QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
1170  IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
1171  REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
1172  MAKE_SIGNATURE_FN MakeSignature;
1173  VERIFY_SIGNATURE_FN VerifySignature;
1174  FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
1175  QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
1176  void* Reserved3;
1177  void* Reserved4;
1178  EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
1179  IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
1180  ADD_CREDENTIALS_FN_W AddCredentialsW;
1181  void* Reserved8;
1182  QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
1183  ENCRYPT_MESSAGE_FN EncryptMessage;
1184  DECRYPT_MESSAGE_FN DecryptMessage;
1185  SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
1186  SET_CREDENTIALS_ATTRIBUTES_FN_W SetCredentialsAttributesW;
1187 } SecurityFunctionTableW;
1188 typedef SecurityFunctionTableW* PSecurityFunctionTableW;
1189 
1190 typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_A)(void);
1191 typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_W)(void);
1192 
1193 #ifdef UNICODE
1194 #define InitSecurityInterface InitSecurityInterfaceW
1195 #define SecurityFunctionTable SecurityFunctionTableW
1196 #define PSecurityFunctionTable PSecurityFunctionTableW
1197 #define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W
1198 #else
1199 #define InitSecurityInterface InitSecurityInterfaceA
1200 #define SecurityFunctionTable SecurityFunctionTableA
1201 #define PSecurityFunctionTable PSecurityFunctionTableA
1202 #define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
1203 #endif
1204 
1205 #ifdef __cplusplus
1206 extern "C"
1207 {
1208 #endif
1209 
1210 #ifdef SSPI_DLL
1211 
1212  /* Package Management */
1213 
1214  WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesA(ULONG* pcPackages,
1215  PSecPkgInfoA* ppPackageInfo);
1216  WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesW(ULONG* pcPackages,
1217  PSecPkgInfoW* ppPackageInfo);
1218 
1219  WINPR_API PSecurityFunctionTableA SEC_ENTRY InitSecurityInterfaceA(void);
1220  WINPR_API PSecurityFunctionTableW SEC_ENTRY InitSecurityInterfaceW(void);
1221 
1222  WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName,
1223  PSecPkgInfoA* ppPackageInfo);
1224  WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName,
1225  PSecPkgInfoW* ppPackageInfo);
1226 
1227  /* Credential Management */
1228 
1229  WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleA(
1230  SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
1231  void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
1232  PTimeStamp ptsExpiry);
1233  WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleW(
1234  SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
1235  void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
1236  PTimeStamp ptsExpiry);
1237 
1238  WINPR_API SECURITY_STATUS SEC_ENTRY ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags,
1239  PSecBuffer pPackedContext,
1240  HANDLE* pToken);
1241  WINPR_API SECURITY_STATUS SEC_ENTRY FreeCredentialsHandle(PCredHandle phCredential);
1242 
1243  WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextA(SEC_CHAR* pszPackage,
1244  PSecBuffer pPackedContext,
1245  HANDLE pToken,
1246  PCtxtHandle phContext);
1247  WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextW(SEC_WCHAR* pszPackage,
1248  PSecBuffer pPackedContext,
1249  HANDLE pToken,
1250  PCtxtHandle phContext);
1251 
1252  WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesA(PCredHandle phCredential,
1253  ULONG ulAttribute,
1254  void* pBuffer);
1255  WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesW(PCredHandle phCredential,
1256  ULONG ulAttribute,
1257  void* pBuffer);
1258 
1259  /* Context Management */
1260 
1261  WINPR_API SECURITY_STATUS SEC_ENTRY
1262  AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
1263  ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
1264  PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp);
1265 
1266  WINPR_API SECURITY_STATUS SEC_ENTRY ApplyControlToken(PCtxtHandle phContext,
1267  PSecBufferDesc pInput);
1268  WINPR_API SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext,
1269  PSecBufferDesc pToken);
1270  WINPR_API SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext);
1271  WINPR_API SECURITY_STATUS SEC_ENTRY FreeContextBuffer(void* pvContextBuffer);
1272  WINPR_API SECURITY_STATUS SEC_ENTRY ImpersonateSecurityContext(PCtxtHandle phContext);
1273 
1274  WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextA(
1275  PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
1276  ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
1277  PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr,
1278  PTimeStamp ptsExpiry);
1279  WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextW(
1280  PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName,
1281  ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput,
1282  ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr,
1283  PTimeStamp ptsExpiry);
1284 
1285  WINPR_API SECURITY_STATUS SEC_ENTRY QueryContextAttributes(PCtxtHandle phContext,
1286  ULONG ulAttribute, void* pBuffer);
1287  WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityContextToken(PCtxtHandle phContext,
1288  HANDLE* phToken);
1289  WINPR_API SECURITY_STATUS SEC_ENTRY SetContextAttributes(PCtxtHandle phContext,
1290  ULONG ulAttribute, void* pBuffer,
1291  ULONG cbBuffer);
1292  WINPR_API SECURITY_STATUS SEC_ENTRY RevertSecurityContext(PCtxtHandle phContext);
1293 
1294  /* Message Support */
1295 
1296  WINPR_API SECURITY_STATUS SEC_ENTRY DecryptMessage(PCtxtHandle phContext,
1297  PSecBufferDesc pMessage, ULONG MessageSeqNo,
1298  PULONG pfQOP);
1299  WINPR_API SECURITY_STATUS SEC_ENTRY EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
1300  PSecBufferDesc pMessage, ULONG MessageSeqNo);
1301  WINPR_API SECURITY_STATUS SEC_ENTRY MakeSignature(PCtxtHandle phContext, ULONG fQOP,
1302  PSecBufferDesc pMessage, ULONG MessageSeqNo);
1303  WINPR_API SECURITY_STATUS SEC_ENTRY VerifySignature(PCtxtHandle phContext,
1304  PSecBufferDesc pMessage, ULONG MessageSeqNo,
1305  PULONG pfQOP);
1306 
1307 #endif /* SSPI_DLL */
1308 
1309 #ifdef __cplusplus
1310 }
1311 #endif
1312 
1313 #endif
1314 
1315 #ifdef __cplusplus
1316 extern "C"
1317 {
1318 #endif
1319 
1320  /* Custom API */
1321 
1322 /* Extended SECPKG_ATTR IDs begin at 1000 */
1323 #define SECPKG_ATTR_AUTH_IDENTITY 1001
1324 #define SECPKG_ATTR_AUTH_PASSWORD 1002
1325 #define SECPKG_ATTR_AUTH_NTLM_HASH 1003
1326 #define SECPKG_ATTR_AUTH_NTLM_MESSAGE 1100
1327 #define SECPKG_ATTR_AUTH_NTLM_TIMESTAMP 1101
1328 #define SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE 1102
1329 #define SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE 1103
1330 #define SECPKG_ATTR_AUTH_NTLM_NTPROOF_VALUE 1104
1331 #define SECPKG_ATTR_AUTH_NTLM_RANDKEY 1105
1332 #define SECPKG_ATTR_AUTH_NTLM_MIC 1106
1333 #define SECPKG_ATTR_AUTH_NTLM_MIC_VALUE 1107
1334 
1335 #define SECPKG_CRED_ATTR_TICKET_LOGON 1200
1336 
1337  typedef struct
1338  {
1339  char User[256 + 1];
1340  char Domain[256 + 1];
1341  } SecPkgContext_AuthIdentity;
1342 
1343  typedef struct
1344  {
1345  char Password[256 + 1];
1346  } SecPkgContext_AuthPassword;
1347 
1348  typedef struct
1349  {
1350  int Version;
1351  BYTE NtlmHash[16];
1352  } SecPkgContext_AuthNtlmHash;
1353 
1354  typedef struct
1355  {
1356  BYTE Timestamp[8];
1357  BOOL ChallengeOrResponse;
1358  } SecPkgContext_AuthNtlmTimestamp;
1359 
1360  typedef struct
1361  {
1362  BYTE ClientChallenge[8];
1363  } SecPkgContext_AuthNtlmClientChallenge;
1364 
1365  typedef struct
1366  {
1367  BYTE ServerChallenge[8];
1368  } SecPkgContext_AuthNtlmServerChallenge;
1369 
1370  typedef struct
1371  {
1372  UINT32 type;
1373  UINT32 length;
1374  BYTE* buffer;
1375  } SecPkgContext_AuthNtlmMessage;
1376 
1377 #define SSPI_INTERFACE_WINPR 0x00000001
1378 #define SSPI_INTERFACE_NATIVE 0x00000002
1379 
1380  typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_A)(DWORD flags);
1381  typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_W)(DWORD flags);
1382 
1383  WINPR_API void sspi_GlobalInit(void);
1384  WINPR_API void sspi_GlobalFinish(void);
1385 
1386  WINPR_API void* sspi_SecBufferAlloc(PSecBuffer SecBuffer, ULONG size);
1387  WINPR_API void sspi_SecBufferFree(PSecBuffer SecBuffer);
1388 
1389 #define sspi_SetAuthIdentity sspi_SetAuthIdentityA
1390  WINPR_API int sspi_SetAuthIdentityA(SEC_WINNT_AUTH_IDENTITY* identity, const char* user,
1391  const char* domain, const char* password);
1392  WINPR_API int sspi_SetAuthIdentityW(SEC_WINNT_AUTH_IDENTITY* identity, const WCHAR* user,
1393  const WCHAR* domain, const WCHAR* password);
1394  WINPR_API int sspi_SetAuthIdentityWithLengthW(SEC_WINNT_AUTH_IDENTITY* identity,
1395  const WCHAR* user, size_t userLen,
1396  const WCHAR* domain, size_t domainLen,
1397  const WCHAR* password, size_t passwordLen);
1398  WINPR_API UINT32 sspi_GetAuthIdentityVersion(const void* identity);
1399  WINPR_API UINT32 sspi_GetAuthIdentityFlags(const void* identity);
1400  WINPR_API BOOL sspi_GetAuthIdentityUserDomainW(const void* identity, const WCHAR** pUser,
1401  UINT32* pUserLength, const WCHAR** pDomain,
1402  UINT32* pDomainLength);
1403  WINPR_API BOOL sspi_GetAuthIdentityUserDomainA(const void* identity, const char** pUser,
1404  UINT32* pUserLength, const char** pDomain,
1405  UINT32* pDomainLength);
1406  WINPR_API BOOL sspi_GetAuthIdentityPasswordW(const void* identity, const WCHAR** pPassword,
1407  UINT32* pPasswordLength);
1408  WINPR_API BOOL sspi_GetAuthIdentityPasswordA(const void* identity, const char** pPassword,
1409  UINT32* pPasswordLength);
1410  WINPR_API BOOL sspi_CopyAuthIdentityFieldsA(const SEC_WINNT_AUTH_IDENTITY_INFO* identity,
1411  char** pUser, char** pDomain, char** pPassword);
1412  WINPR_API BOOL sspi_CopyAuthIdentityFieldsW(const SEC_WINNT_AUTH_IDENTITY_INFO* identity,
1413  WCHAR** pUser, WCHAR** pDomain, WCHAR** pPassword);
1414  WINPR_API BOOL sspi_CopyAuthPackageListA(const SEC_WINNT_AUTH_IDENTITY_INFO* identity,
1415  char** pPackageList);
1416  WINPR_API int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity,
1417  const SEC_WINNT_AUTH_IDENTITY_INFO* srcIdentity);
1418 
1419  WINPR_API void sspi_FreeAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity);
1420 
1421  WINPR_API const char* GetSecurityStatusString(SECURITY_STATUS status);
1422 
1423  WINPR_API SecurityFunctionTableW* SEC_ENTRY InitSecurityInterfaceExW(DWORD flags);
1424  WINPR_API SecurityFunctionTableA* SEC_ENTRY InitSecurityInterfaceExA(DWORD flags);
1425 
1426 #ifdef UNICODE
1427 #define InitSecurityInterfaceEx InitSecurityInterfaceExW
1428 #define INIT_SECURITY_INTERFACE_EX INIT_SECURITY_INTERFACE_EX_W
1429 #else
1430 #define InitSecurityInterfaceEx InitSecurityInterfaceExA
1431 #define INIT_SECURITY_INTERFACE_EX INIT_SECURITY_INTERFACE_EX_A
1432 #endif
1433 
1434 #ifdef __cplusplus
1435 }
1436 #endif
1437 
1438 #endif /* WINPR_SSPI_H */
SECURITY_INTEGER
Definition: include/winpr/sspi.h:50
SEC_CHANNEL_BINDINGS
Definition: include/winpr/sspi.h:347
SEC_WINNT_AUTH_IDENTITY_A
Definition: include/winpr/sspi.h:687
SEC_WINNT_AUTH_IDENTITY_EX2
Definition: include/winpr/sspi.h:756
SEC_WINNT_AUTH_IDENTITY_EXA
Definition: include/winpr/sspi.h:728
SEC_WINNT_AUTH_IDENTITY_EXW
Definition: include/winpr/sspi.h:713
SEC_WINNT_AUTH_IDENTITY_WINPR
Definition: include/winpr/sspi.h:881
SEC_WINNT_AUTH_IDENTITY_W
Definition: include/winpr/sspi.h:676
SEC_WINPR_KERBEROS_SETTINGS
Definition: include/winpr/sspi.h:866
SEC_WINPR_NTLM_SETTINGS
Definition: include/winpr/sspi.h:859
SecPkgContex_DceInfo
Definition: include/winpr/sspi.h:341
SecPkgContext_AccessToken
Definition: include/winpr/sspi.h:300
SecPkgContext_AuthIdentity
Definition: include/winpr/sspi.h:1338
SecPkgContext_AuthNtlmClientChallenge
Definition: include/winpr/sspi.h:1361
SecPkgContext_AuthNtlmHash
Definition: include/winpr/sspi.h:1349
SecPkgContext_AuthNtlmMessage
Definition: include/winpr/sspi.h:1371
SecPkgContext_AuthNtlmServerChallenge
Definition: include/winpr/sspi.h:1366
SecPkgContext_AuthNtlmTimestamp
Definition: include/winpr/sspi.h:1355
SecPkgContext_AuthPassword
Definition: include/winpr/sspi.h:1344
SecPkgContext_Authority
Definition: include/winpr/sspi.h:312
SecPkgContext_Bindings
Definition: include/winpr/sspi.h:551
SecPkgContext_ClientCreds
Definition: include/winpr/sspi.h:335
SecPkgContext_ClientSpecifiedTarget
Definition: include/winpr/sspi.h:317
SecPkgContext_ConnectionInfo
Definition: include/winpr/sspi.h:324
SecPkgContext_EapKeyBlock
Definition: include/winpr/sspi.h:359
SecPkgContext_Flags
Definition: include/winpr/sspi.h:365
SecPkgContext_KeyInfo
Definition: include/winpr/sspi.h:370
SecPkgContext_Lifespan
Definition: include/winpr/sspi.h:379
SecPkgContext_Names
Definition: include/winpr/sspi.h:385
SecPkgContext_NativeNames
Definition: include/winpr/sspi.h:390
SecPkgContext_NegotiationInfo
Definition: include/winpr/sspi.h:396
SecPkgContext_PackageInfo
Definition: include/winpr/sspi.h:402
SecPkgContext_PasswordExpiry
Definition: include/winpr/sspi.h:407
SecPkgContext_SessionAppData
Definition: include/winpr/sspi.h:305
SecPkgContext_SessionInfo
Definition: include/winpr/sspi.h:418
SecPkgContext_SessionKey
Definition: include/winpr/sspi.h:412
SecPkgContext_Sizes
Definition: include/winpr/sspi.h:425
SecPkgContext_StreamSizes
Definition: include/winpr/sspi.h:433
SecPkgContext_SubjectAttributes
Definition: include/winpr/sspi.h:442
SecPkgContext_SupportedSignatures
Definition: include/winpr/sspi.h:447
SecPkgContext_TargetInformation
Definition: include/winpr/sspi.h:453
SecPkgCredentials_Cert
Definition: include/winpr/sspi.h:508
SecPkgCredentials_KdcProxySettingsA
Definition: include/winpr/sspi.h:533
SecPkgCredentials_KdcProxySettingsW
Definition: include/winpr/sspi.h:523
SecPkgCredentials_NamesA
Definition: include/winpr/sspi.h:466
SecPkgCredentials_NamesW
Definition: include/winpr/sspi.h:472
SecPkgCredentials_SSIProviderA
Definition: include/winpr/sspi.h:493
SecPkgCredentials_SSIProviderW
Definition: include/winpr/sspi.h:486
SEC_WINNT_AUTH_IDENTITY_INFO
Definition: include/winpr/sspi.h:779