FreeRDP
include/winpr/sspi.h
1 
20 #ifndef WINPR_SSPI_H
21 #define WINPR_SSPI_H
22 
23 #include <winpr/platform.h>
24 #include <winpr/winpr.h>
25 #include <winpr/cast.h>
26 #include <winpr/wtypes.h>
27 #include <winpr/windows.h>
28 #include <winpr/security.h>
29 
30 #ifdef _WIN32
31 
32 #include <tchar.h>
33 #include <winerror.h>
34 
35 #define SECURITY_WIN32
36 #include <sspi.h>
37 #include <security.h>
38 
39 #endif /* _WIN32 */
40 
41 #if !defined(_WIN32) || defined(_UWP)
42 
43 #ifndef SEC_ENTRY
44 #define SEC_ENTRY
45 #endif /* SEC_ENTRY */
46 
47 typedef CHAR SEC_CHAR;
48 typedef WCHAR SEC_WCHAR;
49 
50 typedef struct
51 {
52  UINT32 LowPart;
53  INT32 HighPart;
54 } SECURITY_INTEGER;
55 
56 typedef SECURITY_INTEGER TimeStamp;
57 typedef SECURITY_INTEGER* PTimeStamp;
58 
59 WINPR_PRAGMA_DIAG_PUSH
60 WINPR_PRAGMA_DIAG_IGNORED_RESERVED_ID_MACRO
61 
62 #ifndef __SECSTATUS_DEFINED__
63 typedef LONG SECURITY_STATUS;
64 #define __SECSTATUS_DEFINED__
65 #endif /* __SECSTATUS_DEFINED__ */
66 
67 WINPR_PRAGMA_DIAG_POP
68 
69 typedef struct
70 {
71  UINT32 fCapabilities;
72  UINT16 wVersion;
73  UINT16 wRPCID;
74  UINT32 cbMaxToken;
75  SEC_CHAR* Name;
76  SEC_CHAR* Comment;
77 } SecPkgInfoA;
78 typedef SecPkgInfoA* PSecPkgInfoA;
79 
80 typedef struct
81 {
82  UINT32 fCapabilities;
83  UINT16 wVersion;
84  UINT16 wRPCID;
85  UINT32 cbMaxToken;
86  SEC_WCHAR* Name;
87  SEC_WCHAR* Comment;
88 } SecPkgInfoW;
89 typedef SecPkgInfoW* PSecPkgInfoW;
90 
91 #ifdef UNICODE
92 #define SecPkgInfo SecPkgInfoW
93 #define PSecPkgInfo PSecPkgInfoW
94 #else
95 #define SecPkgInfo SecPkgInfoA
96 #define PSecPkgInfo PSecPkgInfoA
97 #endif /* UNICODE */
98 
99 #endif /* !defined(_WIN32) || defined(_UWP) */
100 
101 #define NTLM_SSP_NAME _T("NTLM")
102 #define KERBEROS_SSP_NAME _T("Kerberos")
103 #define NEGO_SSP_NAME _T("Negotiate")
104 
105 #define SECPKG_ID_NONE 0xFFFF
106 
107 #define SECPKG_FLAG_INTEGRITY 0x00000001
108 #define SECPKG_FLAG_PRIVACY 0x00000002
109 #define SECPKG_FLAG_TOKEN_ONLY 0x00000004
110 #define SECPKG_FLAG_DATAGRAM 0x00000008
111 #define SECPKG_FLAG_CONNECTION 0x00000010
112 #define SECPKG_FLAG_MULTI_REQUIRED 0x00000020
113 #define SECPKG_FLAG_CLIENT_ONLY 0x00000040
114 #define SECPKG_FLAG_EXTENDED_ERROR 0x00000080
115 #define SECPKG_FLAG_IMPERSONATION 0x00000100
116 #define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200
117 #define SECPKG_FLAG_STREAM 0x00000400
118 #define SECPKG_FLAG_NEGOTIABLE 0x00000800
119 #define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000
120 #define SECPKG_FLAG_LOGON 0x00002000
121 #define SECPKG_FLAG_ASCII_BUFFERS 0x00004000
122 #define SECPKG_FLAG_FRAGMENT 0x00008000
123 #define SECPKG_FLAG_MUTUAL_AUTH 0x00010000
124 #define SECPKG_FLAG_DELEGATION 0x00020000
125 #define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000
126 #define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000
127 #define SECPKG_FLAG_NEGO_EXTENDER 0x00100000
128 #define SECPKG_FLAG_NEGOTIABLE2 0x00200000
129 
130 #ifndef _WINERROR_
131 
132 #define SEC_E_OK WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00000000)
133 #define SEC_E_INSUFFICIENT_MEMORY WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090300)
134 #define SEC_E_INVALID_HANDLE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090301)
135 #define SEC_E_UNSUPPORTED_FUNCTION WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090302)
136 #define SEC_E_TARGET_UNKNOWN WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090303)
137 #define SEC_E_INTERNAL_ERROR WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090304)
138 #define SEC_E_SECPKG_NOT_FOUND WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090305)
139 #define SEC_E_NOT_OWNER WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090306)
140 #define SEC_E_CANNOT_INSTALL WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090307)
141 #define SEC_E_INVALID_TOKEN WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090308)
142 #define SEC_E_CANNOT_PACK WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090309)
143 #define SEC_E_QOP_NOT_SUPPORTED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009030A)
144 #define SEC_E_NO_IMPERSONATION WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009030B)
145 #define SEC_E_LOGON_DENIED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009030C)
146 #define SEC_E_UNKNOWN_CREDENTIALS WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009030D)
147 #define SEC_E_NO_CREDENTIALS WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009030E)
148 #define SEC_E_MESSAGE_ALTERED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009030F)
149 #define SEC_E_OUT_OF_SEQUENCE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090310)
150 #define SEC_E_NO_AUTHENTICATING_AUTHORITY WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090311)
151 #define SEC_E_BAD_PKGID WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090316)
152 #define SEC_E_CONTEXT_EXPIRED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090317)
153 #define SEC_E_INCOMPLETE_MESSAGE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090318)
154 #define SEC_E_INCOMPLETE_CREDENTIALS WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090320)
155 #define SEC_E_BUFFER_TOO_SMALL WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090321)
156 #define SEC_E_WRONG_PRINCIPAL WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090322)
157 #define SEC_E_TIME_SKEW WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090324)
158 #define SEC_E_UNTRUSTED_ROOT WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090325)
159 #define SEC_E_ILLEGAL_MESSAGE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090326)
160 #define SEC_E_CERT_UNKNOWN WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090327)
161 #define SEC_E_CERT_EXPIRED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090328)
162 #define SEC_E_ENCRYPT_FAILURE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090329)
163 #define SEC_E_DECRYPT_FAILURE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090330)
164 #define SEC_E_ALGORITHM_MISMATCH WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090331)
165 #define SEC_E_SECURITY_QOS_FAILED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090332)
166 #define SEC_E_UNFINISHED_CONTEXT_DELETED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090333)
167 #define SEC_E_NO_TGT_REPLY WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090334)
168 #define SEC_E_NO_IP_ADDRESSES WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090335)
169 #define SEC_E_WRONG_CREDENTIAL_HANDLE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090336)
170 #define SEC_E_CRYPTO_SYSTEM_INVALID WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090337)
171 #define SEC_E_MAX_REFERRALS_EXCEEDED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090338)
172 #define SEC_E_MUST_BE_KDC WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090339)
173 #define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009033A)
174 #define SEC_E_TOO_MANY_PRINCIPALS WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009033B)
175 #define SEC_E_NO_PA_DATA WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009033C)
176 #define SEC_E_PKINIT_NAME_MISMATCH WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009033D)
177 #define SEC_E_SMARTCARD_LOGON_REQUIRED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009033E)
178 #define SEC_E_SHUTDOWN_IN_PROGRESS WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009033F)
179 #define SEC_E_KDC_INVALID_REQUEST WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090340)
180 #define SEC_E_KDC_UNABLE_TO_REFER WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090341)
181 #define SEC_E_KDC_UNKNOWN_ETYPE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090342)
182 #define SEC_E_UNSUPPORTED_PREAUTH WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090343)
183 #define SEC_E_DELEGATION_REQUIRED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090345)
184 #define SEC_E_BAD_BINDINGS WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090346)
185 #define SEC_E_MULTIPLE_ACCOUNTS WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090347)
186 #define SEC_E_NO_KERB_KEY WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090348)
187 #define SEC_E_CERT_WRONG_USAGE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090349)
188 #define SEC_E_DOWNGRADE_DETECTED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090350)
189 #define SEC_E_SMARTCARD_CERT_REVOKED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090351)
190 #define SEC_E_ISSUING_CA_UNTRUSTED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090352)
191 #define SEC_E_REVOCATION_OFFLINE_C WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090353)
192 #define SEC_E_PKINIT_CLIENT_FAILURE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090354)
193 #define SEC_E_SMARTCARD_CERT_EXPIRED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090355)
194 #define SEC_E_NO_S4U_PROT_SUPPORT WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090356)
195 #define SEC_E_CROSSREALM_DELEGATION_FAILURE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090357)
196 #define SEC_E_REVOCATION_OFFLINE_KDC WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090358)
197 #define SEC_E_ISSUING_CA_UNTRUSTED_KDC WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090359)
198 #define SEC_E_KDC_CERT_EXPIRED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009035A)
199 #define SEC_E_KDC_CERT_REVOKED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009035B)
200 #define SEC_E_INVALID_PARAMETER WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009035D)
201 #define SEC_E_DELEGATION_POLICY WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009035E)
202 #define SEC_E_POLICY_NLTM_ONLY WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009035F)
203 #define SEC_E_NO_CONTEXT WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090361)
204 #define SEC_E_PKU2U_CERT_FAILURE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090362)
205 #define SEC_E_MUTUAL_AUTH_FAILED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090363)
206 
207 #define SEC_I_CONTINUE_NEEDED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00090312)
208 #define SEC_I_COMPLETE_NEEDED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00090313)
209 #define SEC_I_COMPLETE_AND_CONTINUE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00090314)
210 #define SEC_I_LOCAL_LOGON WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00090315)
211 #define SEC_I_CONTEXT_EXPIRED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00090317)
212 #define SEC_I_INCOMPLETE_CREDENTIALS WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00090320)
213 #define SEC_I_RENEGOTIATE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00090321)
214 #define SEC_I_NO_LSA_CONTEXT WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00090323)
215 #define SEC_I_SIGNATURE_NEEDED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x0009035C)
216 #define SEC_I_NO_RENEGOTIATION WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00090360)
217 
218 #endif /* _WINERROR_ */
219 
220 /* ============== some definitions missing in mingw ========================*/
221 #ifndef SEC_E_INVALID_PARAMETER
222 #define SEC_E_INVALID_PARAMETER WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009035D)
223 #endif
224 
225 #ifndef SEC_E_DELEGATION_POLICY
226 #define SEC_E_DELEGATION_POLICY WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009035E)
227 #endif
228 
229 #ifndef SEC_E_POLICY_NLTM_ONLY
230 #define SEC_E_POLICY_NLTM_ONLY WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x8009035F)
231 #endif
232 
233 #ifndef SEC_E_NO_CONTEXT
234 #define SEC_E_NO_CONTEXT WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090361)
235 #endif
236 
237 #ifndef SEC_E_PKU2U_CERT_FAILURE
238 #define SEC_E_PKU2U_CERT_FAILURE WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090362)
239 #endif
240 
241 #ifndef SEC_E_MUTUAL_AUTH_FAILED
242 #define SEC_E_MUTUAL_AUTH_FAILED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x80090363)
243 #endif
244 
245 #ifndef SEC_I_SIGNATURE_NEEDED
246 #define SEC_I_SIGNATURE_NEEDED WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x0009035C)
247 #endif
248 
249 #ifndef SEC_I_NO_RENEGOTIATION
250 #define SEC_I_NO_RENEGOTIATION WINPR_CXX_COMPAT_CAST(SECURITY_STATUS, 0x00090360)
251 #endif
252 
253 /* ==================================================================================== */
254 
255 #define SECURITY_NATIVE_DREP 0x00000010
256 #define SECURITY_NETWORK_DREP 0x00000000
257 
258 #define SECPKG_CRED_INBOUND 0x00000001
259 #define SECPKG_CRED_OUTBOUND 0x00000002
260 #define SECPKG_CRED_BOTH 0x00000003
261 #define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010
262 #define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020
263 
264 /* Security Context Attributes */
265 
266 #define SECPKG_ATTR_SIZES 0
267 #define SECPKG_ATTR_NAMES 1
268 #define SECPKG_ATTR_LIFESPAN 2
269 #define SECPKG_ATTR_DCE_INFO 3
270 #define SECPKG_ATTR_STREAM_SIZES 4
271 #define SECPKG_ATTR_KEY_INFO 5
272 #define SECPKG_ATTR_AUTHORITY 6
273 #define SECPKG_ATTR_PROTO_INFO 7
274 #define SECPKG_ATTR_PASSWORD_EXPIRY 8
275 #define SECPKG_ATTR_SESSION_KEY 9
276 #define SECPKG_ATTR_PACKAGE_INFO 10
277 #define SECPKG_ATTR_USER_FLAGS 11
278 #define SECPKG_ATTR_NEGOTIATION_INFO 12
279 #define SECPKG_ATTR_NATIVE_NAMES 13
280 #define SECPKG_ATTR_FLAGS 14
281 #define SECPKG_ATTR_USE_VALIDATED 15
282 #define SECPKG_ATTR_CREDENTIAL_NAME 16
283 #define SECPKG_ATTR_TARGET_INFORMATION 17
284 #define SECPKG_ATTR_ACCESS_TOKEN 18
285 #define SECPKG_ATTR_TARGET 19
286 #define SECPKG_ATTR_AUTHENTICATION_ID 20
287 #define SECPKG_ATTR_LOGOFF_TIME 21
288 #define SECPKG_ATTR_NEGO_KEYS 22
289 #define SECPKG_ATTR_PROMPTING_NEEDED 24
290 #define SECPKG_ATTR_UNIQUE_BINDINGS 25
291 #define SECPKG_ATTR_ENDPOINT_BINDINGS 26
292 #define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27
293 #define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30
294 #define SECPKG_ATTR_NEGO_PKG_INFO 31
295 #define SECPKG_ATTR_NEGO_STATUS 32
296 #define SECPKG_ATTR_CONTEXT_DELETED 33
297 
298 #if !defined(_WIN32) || defined(_UWP)
299 
300 typedef struct
301 {
302  void* AccessToken;
303 } SecPkgContext_AccessToken;
304 
305 typedef struct
306 {
307  UINT32 dwFlags;
308  UINT32 cbAppData;
309  BYTE* pbAppData;
310 } SecPkgContext_SessionAppData;
311 
312 typedef struct
313 {
314  char* sAuthorityName;
315 } SecPkgContext_Authority;
316 
317 typedef struct
318 {
319  char* sTargetName;
320 } SecPkgContext_ClientSpecifiedTarget;
321 
322 typedef UINT32 ALG_ID;
323 
324 typedef struct
325 {
326  UINT32 dwProtocol;
327  ALG_ID aiCipher;
328  UINT32 dwCipherStrength;
329  ALG_ID aiHash;
330  UINT32 dwHashStrength;
331  ALG_ID aiExch;
332  UINT32 dwExchStrength;
333 } SecPkgContext_ConnectionInfo;
334 
335 typedef struct
336 {
337  UINT32 AuthBufferLen;
338  BYTE* AuthBuffer;
339 } SecPkgContext_ClientCreds;
340 
341 typedef struct
342 {
343  UINT32 AuthzSvc;
344  void* pPac;
345 } SecPkgContex_DceInfo;
346 
347 typedef struct
348 {
349  UINT32 dwInitiatorAddrType;
350  UINT32 cbInitiatorLength;
351  UINT32 dwInitiatorOffset;
352  UINT32 dwAcceptorAddrType;
353  UINT32 cbAcceptorLength;
354  UINT32 dwAcceptorOffset;
355  UINT32 cbApplicationDataLength;
356  UINT32 dwApplicationDataOffset;
357 } SEC_CHANNEL_BINDINGS;
358 
359 typedef struct
360 {
361  BYTE rgbKeys[128];
362  BYTE rgbIVs[64];
363 } SecPkgContext_EapKeyBlock;
364 
365 typedef struct
366 {
367  UINT32 Flags;
368 } SecPkgContext_Flags;
369 
370 typedef struct
371 {
372  char* sSignatureAlgorithmName;
373  char* sEncryptAlgorithmName;
374  UINT32 KeySize;
375  UINT32 SignatureAlgorithm;
376  UINT32 EncryptAlgorithm;
377 } SecPkgContext_KeyInfo;
378 
379 typedef struct
380 {
381  TimeStamp tsStart;
382  TimeStamp tsExpiry;
383 } SecPkgContext_Lifespan;
384 
385 typedef struct
386 {
387  char* sUserName;
388 } SecPkgContext_Names;
389 
390 typedef struct
391 {
392  char* sClientName;
393  char* sServerName;
394 } SecPkgContext_NativeNames;
395 
396 typedef struct
397 {
398  SecPkgInfo* PackageInfo;
399  UINT32 NegotiationState;
400 } SecPkgContext_NegotiationInfo;
401 
402 typedef struct
403 {
404  SecPkgInfo* PackageInfo;
405 } SecPkgContext_PackageInfo;
406 
407 typedef struct
408 {
409  TimeStamp tsPasswordExpires;
410 } SecPkgContext_PasswordExpiry;
411 
412 typedef struct
413 {
414  UINT32 SessionKeyLength;
415  BYTE* SessionKey;
416 } SecPkgContext_SessionKey;
417 
418 typedef struct
419 {
420  UINT32 dwFlags;
421  UINT32 cbSessionId;
422  BYTE rgbSessionId[32];
423 } SecPkgContext_SessionInfo;
424 
425 typedef struct
426 {
427  UINT32 cbMaxToken;
428  UINT32 cbMaxSignature;
429  UINT32 cbBlockSize;
430  UINT32 cbSecurityTrailer;
431 } SecPkgContext_Sizes;
432 
433 typedef struct
434 {
435  UINT32 cbHeader;
436  UINT32 cbTrailer;
437  UINT32 cbMaximumMessage;
438  UINT32 cBuffers;
439  UINT32 cbBlockSize;
440 } SecPkgContext_StreamSizes;
441 
442 typedef struct
443 {
444  void* AttributeInfo;
445 } SecPkgContext_SubjectAttributes;
446 
447 typedef struct
448 {
449  UINT16 cSignatureAndHashAlgorithms;
450  UINT16* pSignatureAndHashAlgorithms;
451 } SecPkgContext_SupportedSignatures;
452 
453 typedef struct
454 {
455  UINT32 MarshalledTargetInfoLength;
456  BYTE* MarshalledTargetInfo;
457 } SecPkgContext_TargetInformation;
458 
459 /* Security Credentials Attributes */
460 
461 #define SECPKG_CRED_ATTR_NAMES 1
462 #define SECPKG_CRED_ATTR_SSI_PROVIDER 2
463 #define SECPKG_CRED_ATTR_CERT 4
464 #define SECPKG_CRED_ATTR_PAC_BYPASS 5
465 
466 typedef struct
467 {
468  SEC_CHAR* sUserName;
469 } SecPkgCredentials_NamesA;
470 typedef SecPkgCredentials_NamesA* PSecPkgCredentials_NamesA;
471 
472 typedef struct
473 {
474  SEC_WCHAR* sUserName;
475 } SecPkgCredentials_NamesW;
476 typedef SecPkgCredentials_NamesW* PSecPkgCredentials_NamesW;
477 
478 #ifdef UNICODE
479 #define SecPkgCredentials_Names SecPkgCredentials_NamesW
480 #define PSecPkgCredentials_Names PSecPkgCredentials_NamesW
481 #else
482 #define SecPkgCredentials_Names SecPkgCredentials_NamesA
483 #define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
484 #endif
485 
486 typedef struct
487 {
488  SEC_WCHAR* sProviderName;
489  unsigned long ProviderInfoLength;
490  char* ProviderInfo;
491 } SecPkgCredentials_SSIProviderW, *PSecPkgCredentials_SSIProviderW;
492 
493 typedef struct
494 {
495  SEC_CHAR* sProviderName;
496  unsigned long ProviderInfoLength;
497  char* ProviderInfo;
498 } SecPkgCredentials_SSIProviderA, *PSecPkgCredentials_SSIProviderA;
499 
500 #ifdef UNICODE
501 #define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderW
502 #define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderW
503 #else
504 #define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderA
505 #define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderA
506 #endif
507 
508 typedef struct
509 {
510  unsigned long EncodedCertSize;
511  unsigned char* EncodedCert;
512 } SecPkgCredentials_Cert, *PSecPkgCredentials_Cert;
513 
514 #endif /* !defined(_WIN32) || defined(_UWP) */
515 
516 #if !defined(_WIN32) || defined(_UWP) || (defined(__MINGW32__) && (__MINGW64_VERSION_MAJOR <= 8))
517 
518 #define SECPKG_CRED_ATTR_KDC_PROXY_SETTINGS 3
519 
520 #define KDC_PROXY_SETTINGS_V1 1
521 #define KDC_PROXY_SETTINGS_FLAGS_FORCEPROXY 0x1
522 
523 typedef struct
524 {
525  ULONG Version;
526  ULONG Flags;
527  USHORT ProxyServerOffset;
528  USHORT ProxyServerLength;
529  USHORT ClientTlsCredOffset;
530  USHORT ClientTlsCredLength;
531 } SecPkgCredentials_KdcProxySettingsW, *PSecPkgCredentials_KdcProxySettingsW;
532 
533 typedef struct
534 {
535  ULONG Version;
536  ULONG Flags;
537  USHORT ProxyServerOffset;
538  USHORT ProxyServerLength;
539  USHORT ClientTlsCredOffset;
540  USHORT ClientTlsCredLength;
541 } SecPkgCredentials_KdcProxySettingsA, *PSecPkgCredentials_KdcProxySettingsA;
542 
543 #ifdef UNICODE
544 #define SecPkgCredentials_KdcProxySettings SecPkgCredentials_KdcProxySettingsW
545 #define PSecPkgCredentials_KdcProxySettings PSecPkgCredentials_KdcProxySettingsW
546 #else
547 #define SecPkgCredentials_KdcProxySettings SecPkgCredentials_KdcProxySettingsA
548 #define PSecPkgCredentials_KdcProxySettings SecPkgCredentials_KdcProxySettingsA
549 #endif
550 
551 typedef struct
552 {
553  UINT32 BindingsLength;
554  SEC_CHANNEL_BINDINGS* Bindings;
555 } SecPkgContext_Bindings;
556 #endif
557 
558 /* InitializeSecurityContext Flags */
559 
560 #define ISC_REQ_DELEGATE 0x00000001
561 #define ISC_REQ_MUTUAL_AUTH 0x00000002
562 #define ISC_REQ_REPLAY_DETECT 0x00000004
563 #define ISC_REQ_SEQUENCE_DETECT 0x00000008
564 #define ISC_REQ_CONFIDENTIALITY 0x00000010
565 #define ISC_REQ_USE_SESSION_KEY 0x00000020
566 #define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
567 #define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
568 #define ISC_REQ_ALLOCATE_MEMORY 0x00000100
569 #define ISC_REQ_USE_DCE_STYLE 0x00000200
570 #define ISC_REQ_DATAGRAM 0x00000400
571 #define ISC_REQ_CONNECTION 0x00000800
572 #define ISC_REQ_CALL_LEVEL 0x00001000
573 #define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
574 #define ISC_REQ_EXTENDED_ERROR 0x00004000
575 #define ISC_REQ_STREAM 0x00008000
576 #define ISC_REQ_INTEGRITY 0x00010000
577 #define ISC_REQ_IDENTIFY 0x00020000
578 #define ISC_REQ_NULL_SESSION 0x00040000
579 #define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
580 #define ISC_REQ_RESERVED1 0x00100000
581 #define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
582 #define ISC_REQ_FORWARD_CREDENTIALS 0x00400000
583 #define ISC_REQ_NO_INTEGRITY 0x00800000
584 #define ISC_REQ_USE_HTTP_STYLE 0x01000000
585 
586 #define ISC_RET_DELEGATE 0x00000001
587 #define ISC_RET_MUTUAL_AUTH 0x00000002
588 #define ISC_RET_REPLAY_DETECT 0x00000004
589 #define ISC_RET_SEQUENCE_DETECT 0x00000008
590 #define ISC_RET_CONFIDENTIALITY 0x00000010
591 #define ISC_RET_USE_SESSION_KEY 0x00000020
592 #define ISC_RET_USED_COLLECTED_CREDS 0x00000040
593 #define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
594 #define ISC_RET_ALLOCATED_MEMORY 0x00000100
595 #define ISC_RET_USED_DCE_STYLE 0x00000200
596 #define ISC_RET_DATAGRAM 0x00000400
597 #define ISC_RET_CONNECTION 0x00000800
598 #define ISC_RET_INTERMEDIATE_RETURN 0x00001000
599 #define ISC_RET_CALL_LEVEL 0x00002000
600 #define ISC_RET_EXTENDED_ERROR 0x00004000
601 #define ISC_RET_STREAM 0x00008000
602 #define ISC_RET_INTEGRITY 0x00010000
603 #define ISC_RET_IDENTIFY 0x00020000
604 #define ISC_RET_NULL_SESSION 0x00040000
605 #define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
606 #define ISC_RET_RESERVED1 0x00100000
607 #define ISC_RET_FRAGMENT_ONLY 0x00200000
608 #define ISC_RET_FORWARD_CREDENTIALS 0x00400000
609 #define ISC_RET_USED_HTTP_STYLE 0x01000000
610 
611 /* AcceptSecurityContext Flags */
612 
613 #define ASC_REQ_DELEGATE 0x00000001
614 #define ASC_REQ_MUTUAL_AUTH 0x00000002
615 #define ASC_REQ_REPLAY_DETECT 0x00000004
616 #define ASC_REQ_SEQUENCE_DETECT 0x00000008
617 #define ASC_REQ_CONFIDENTIALITY 0x00000010
618 #define ASC_REQ_USE_SESSION_KEY 0x00000020
619 #define ASC_REQ_ALLOCATE_MEMORY 0x00000100
620 #define ASC_REQ_USE_DCE_STYLE 0x00000200
621 #define ASC_REQ_DATAGRAM 0x00000400
622 #define ASC_REQ_CONNECTION 0x00000800
623 #define ASC_REQ_CALL_LEVEL 0x00001000
624 #define ASC_REQ_EXTENDED_ERROR 0x00008000
625 #define ASC_REQ_STREAM 0x00010000
626 #define ASC_REQ_INTEGRITY 0x00020000
627 #define ASC_REQ_LICENSING 0x00040000
628 #define ASC_REQ_IDENTIFY 0x00080000
629 #define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
630 #define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
631 #define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
632 #define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
633 #define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
634 #define ASC_REQ_NO_TOKEN 0x01000000
635 #define ASC_REQ_PROXY_BINDINGS 0x04000000
636 #define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000
637 
638 #define ASC_RET_DELEGATE 0x00000001
639 #define ASC_RET_MUTUAL_AUTH 0x00000002
640 #define ASC_RET_REPLAY_DETECT 0x00000004
641 #define ASC_RET_SEQUENCE_DETECT 0x00000008
642 #define ASC_RET_CONFIDENTIALITY 0x00000010
643 #define ASC_RET_USE_SESSION_KEY 0x00000020
644 #define ASC_RET_ALLOCATED_MEMORY 0x00000100
645 #define ASC_RET_USED_DCE_STYLE 0x00000200
646 #define ASC_RET_DATAGRAM 0x00000400
647 #define ASC_RET_CONNECTION 0x00000800
648 #define ASC_RET_CALL_LEVEL 0x00002000
649 #define ASC_RET_THIRD_LEG_FAILED 0x00004000
650 #define ASC_RET_EXTENDED_ERROR 0x00008000
651 #define ASC_RET_STREAM 0x00010000
652 #define ASC_RET_INTEGRITY 0x00020000
653 #define ASC_RET_LICENSING 0x00040000
654 #define ASC_RET_IDENTIFY 0x00080000
655 #define ASC_RET_NULL_SESSION 0x00100000
656 #define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
657 #define ASC_RET_FRAGMENT_ONLY 0x00800000
658 #define ASC_RET_NO_TOKEN 0x01000000
659 #define ASC_RET_NO_PROXY_BINDINGS 0x04000000
660 #define ASC_RET_MISSING_BINDINGS 0x10000000
661 
662 #define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
663 #define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
664 #define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4
665 #define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8
666 #define SEC_WINNT_AUTH_IDENTITY_EXTENDED 0x100
667 
668 #if !defined(_WIN32) || defined(_UWP) || defined(__MINGW32__)
669 
670 WINPR_PRAGMA_DIAG_PUSH
671 WINPR_PRAGMA_DIAG_IGNORED_RESERVED_ID_MACRO
672 
673 #ifndef _AUTH_IDENTITY_DEFINED
674 #define _AUTH_IDENTITY_DEFINED
675 
676 typedef struct
677 {
678  UINT16* User;
679  ULONG UserLength;
680  UINT16* Domain;
681  ULONG DomainLength;
682  UINT16* Password;
683  ULONG PasswordLength;
684  UINT32 Flags;
685 } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
686 
687 typedef struct
688 {
689  BYTE* User;
690  ULONG UserLength;
691  BYTE* Domain;
692  ULONG DomainLength;
693  BYTE* Password;
694  ULONG PasswordLength;
695  UINT32 Flags;
696 } SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;
697 
698 // Always define SEC_WINNT_AUTH_IDENTITY to SEC_WINNT_AUTH_IDENTITY_W
699 
700 #ifdef UNICODE
701 #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W
702 #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W
703 #else
704 #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W
705 #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W
706 #endif
707 
708 #endif /* _AUTH_IDENTITY_DEFINED */
709 
710 #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
711 #define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
712 
713 typedef struct
714 {
715  UINT32 Version;
716  UINT32 Length;
717  UINT16* User;
718  UINT32 UserLength;
719  UINT16* Domain;
720  UINT32 DomainLength;
721  UINT16* Password;
722  UINT32 PasswordLength;
723  UINT32 Flags;
724  UINT16* PackageList;
725  UINT32 PackageListLength;
726 } SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
727 
728 typedef struct
729 {
730  UINT32 Version;
731  UINT32 Length;
732  BYTE* User;
733  UINT32 UserLength;
734  BYTE* Domain;
735  UINT32 DomainLength;
736  BYTE* Password;
737  UINT32 PasswordLength;
738  UINT32 Flags;
739  BYTE* PackageList;
740  UINT32 PackageListLength;
741 } SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA;
742 
743 #ifdef UNICODE
744 #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW
745 #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW
746 #else
747 #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
748 #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXA
749 #endif
750 
751 #endif /* SEC_WINNT_AUTH_IDENTITY_VERSION */
752 
753 #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION_2
754 #define SEC_WINNT_AUTH_IDENTITY_VERSION_2 0x201
755 
756 typedef struct
757 {
758  UINT32 Version;
759  UINT16 cbHeaderLength;
760  UINT32 cbStructureLength;
761  UINT32 UserOffset;
762  UINT16 UserLength;
763  UINT32 DomainOffset;
764  UINT16 DomainLength;
765  UINT32 PackedCredentialsOffset;
766  UINT16 PackedCredentialsLength;
767  UINT32 Flags;
768  UINT32 PackageListOffset;
769  UINT16 PackageListLength;
770 } SEC_WINNT_AUTH_IDENTITY_EX2, *PSEC_WINNT_AUTH_IDENTITY_EX2;
771 
772 #endif /* SEC_WINNT_AUTH_IDENTITY_VERSION_2 */
773 
774 #ifndef _AUTH_IDENTITY_INFO_DEFINED
775 #define _AUTH_IDENTITY_INFO_DEFINED
776 
777 // https://docs.microsoft.com/en-us/windows/win32/api/sspi/ns-sspi-sec_winnt_auth_identity_info
778 
779 typedef union
780 {
781  SEC_WINNT_AUTH_IDENTITY_EXW AuthIdExw;
782  SEC_WINNT_AUTH_IDENTITY_EXA AuthIdExa;
783  SEC_WINNT_AUTH_IDENTITY_A AuthId_a;
784  SEC_WINNT_AUTH_IDENTITY_W AuthId_w;
785  SEC_WINNT_AUTH_IDENTITY_EX2 AuthIdEx2;
786 } SEC_WINNT_AUTH_IDENTITY_INFO, *PSEC_WINNT_AUTH_IDENTITY_INFO;
787 
788 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_PROCESS_ENCRYPTED 0x10
789 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SYSTEM_PROTECTED 0x20
790 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_USER_PROTECTED 0x40
791 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SYSTEM_ENCRYPTED 0x80
792 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_RESERVED 0x10000
793 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_NULL_USER 0x20000
794 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_NULL_DOMAIN 0x40000
795 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_ID_PROVIDER 0x80000
796 
797 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_USE_MASK 0xFF000000
798 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_CREDPROV_DO_NOT_SAVE 0x80000000
799 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_CHECKED 0x40000000
800 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_NO_CHECKBOX 0x20000000
801 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_CREDPROV_DO_NOT_LOAD 0x10000000
802 
803 #define SEC_WINNT_AUTH_IDENTITY_FLAGS_VALID_SSPIPFC_FLAGS \
804  (SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_CREDPROV_DO_NOT_SAVE | \
805  SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_CHECKED | \
806  SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_NO_CHECKBOX | \
807  SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_CREDPROV_DO_NOT_LOAD)
808 
809 #endif /* _AUTH_IDENTITY_INFO_DEFINED */
810 
811 WINPR_PRAGMA_DIAG_POP
812 
813 #if !defined(__MINGW32__)
814 typedef struct
815 {
816  ULONG_PTR dwLower;
817  ULONG_PTR dwUpper;
818 } SecHandle;
819 typedef SecHandle* PSecHandle;
820 
821 typedef SecHandle CredHandle;
822 typedef CredHandle* PCredHandle;
823 typedef SecHandle CtxtHandle;
824 typedef CtxtHandle* PCtxtHandle;
825 
826 #define SecInvalidateHandle(x) \
827  ((PSecHandle)(x))->dwLower = ((PSecHandle)(x))->dwUpper = ((ULONG_PTR)((INT_PTR)-1))
828 
829 #define SecIsValidHandle(x) \
830  ((((PSecHandle)(x))->dwLower != ((ULONG_PTR)((INT_PTR)-1))) && \
831  (((PSecHandle)(x))->dwUpper != ((ULONG_PTR)((INT_PTR)-1))))
832 
833 typedef struct
834 {
835  ULONG cbBuffer;
836  ULONG BufferType;
837  void* pvBuffer;
838 } SecBuffer;
839 typedef SecBuffer* PSecBuffer;
840 
841 typedef struct
842 {
843  ULONG ulVersion;
844  ULONG cBuffers;
845  PSecBuffer pBuffers;
846 } SecBufferDesc;
847 typedef SecBufferDesc* PSecBufferDesc;
848 
849 #endif /* __MINGW32__ */
850 
851 #endif /* !defined(_WIN32) || defined(_UWP) || defined(__MINGW32__) */
852 
853 typedef SECURITY_STATUS (*psSspiNtlmHashCallback)(void* client,
854  const SEC_WINNT_AUTH_IDENTITY* authIdentity,
855  const SecBuffer* ntproofvalue,
856  const BYTE* randkey, const BYTE* mic,
857  const SecBuffer* micvalue, BYTE* ntlmhash);
858 
859 typedef struct
860 {
861  char* samFile;
862  psSspiNtlmHashCallback hashCallback;
863  void* hashCallbackArg;
864 } SEC_WINPR_NTLM_SETTINGS;
865 
866 typedef struct
867 {
868  char* kdcUrl;
869  char* keytab;
870  char* cache;
871  char* armorCache;
872  char* pkinitX509Anchors;
873  char* pkinitX509Identity;
874  BOOL withPac;
875  INT32 startTime;
876  INT32 renewLifeTime;
877  INT32 lifeTime;
878  BYTE certSha1[20];
879 } SEC_WINPR_KERBEROS_SETTINGS;
880 
881 typedef struct
882 {
883  SEC_WINNT_AUTH_IDENTITY_EXW identity;
884  SEC_WINPR_NTLM_SETTINGS* ntlmSettings;
885  SEC_WINPR_KERBEROS_SETTINGS* kerberosSettings;
886 } SEC_WINNT_AUTH_IDENTITY_WINPR;
887 
888 #define SECBUFFER_VERSION 0
889 
890 /* Buffer Types */
891 #define SECBUFFER_EMPTY 0
892 #define SECBUFFER_DATA 1
893 #define SECBUFFER_TOKEN 2
894 #define SECBUFFER_PKG_PARAMS 3
895 #define SECBUFFER_MISSING 4
896 #define SECBUFFER_EXTRA 5
897 #define SECBUFFER_STREAM_TRAILER 6
898 #define SECBUFFER_STREAM_HEADER 7
899 #define SECBUFFER_NEGOTIATION_INFO 8
900 #define SECBUFFER_PADDING 9
901 #define SECBUFFER_STREAM 10
902 #define SECBUFFER_MECHLIST 11
903 #define SECBUFFER_MECHLIST_SIGNATURE 12
904 #define SECBUFFER_TARGET 13
905 #define SECBUFFER_CHANNEL_BINDINGS 14
906 #define SECBUFFER_CHANGE_PASS_RESPONSE 15
907 #define SECBUFFER_TARGET_HOST 16
908 #define SECBUFFER_ALERT 17
909 
910 /* Security Buffer Flags */
911 #define SECBUFFER_ATTRMASK 0xF0000000
912 #define SECBUFFER_READONLY 0x80000000
913 #define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000
914 #define SECBUFFER_RESERVED 0x60000000
915 
916 #if !defined(_WIN32) || defined(_UWP)
917 
918 typedef void(SEC_ENTRY* SEC_GET_KEY_FN)(void* Arg, void* Principal, UINT32 KeyVer, void** Key,
919  SECURITY_STATUS* pStatus);
920 
921 typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_A)(ULONG* pcPackages,
922  PSecPkgInfoA* ppPackageInfo);
923 typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_W)(ULONG* pcPackages,
924  PSecPkgInfoW* ppPackageInfo);
925 
926 #ifdef UNICODE
927 #define EnumerateSecurityPackages EnumerateSecurityPackagesW
928 #define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W
929 #else
930 #define EnumerateSecurityPackages EnumerateSecurityPackagesA
931 #define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
932 #endif
933 
934 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential,
935  ULONG ulAttribute,
936  void* pBuffer);
937 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential,
938  ULONG ulAttribute,
939  void* pBuffer);
940 
941 #ifdef UNICODE
942 #define QueryCredentialsAttributes QueryCredentialsAttributesW
943 #define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W
944 #else
945 #define QueryCredentialsAttributes QueryCredentialsAttributesA
946 #define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
947 #endif
948 
949 typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_A)(
950  LPSTR pszPrincipal, LPSTR pszPackage, ULONG fCredentialUse, void* pvLogonID, void* pAuthData,
951  SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
952  PTimeStamp ptsExpiry);
953 typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
954  LPWSTR pszPrincipal, LPWSTR pszPackage, ULONG fCredentialUse, void* pvLogonID, void* pAuthData,
955  SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
956  PTimeStamp ptsExpiry);
957 
958 #ifdef UNICODE
959 #define AcquireCredentialsHandle AcquireCredentialsHandleW
960 #define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W
961 #else
962 #define AcquireCredentialsHandle AcquireCredentialsHandleA
963 #define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
964 #endif
965 
966 typedef SECURITY_STATUS(SEC_ENTRY* FREE_CREDENTIALS_HANDLE_FN)(PCredHandle phCredential);
967 
968 typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_A)(
969  PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
970  ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
971  PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
972 typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_W)(
973  PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq,
974  ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
975  PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
976 
977 #ifdef UNICODE
978 #define InitializeSecurityContext InitializeSecurityContextW
979 #define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W
980 #else
981 #define InitializeSecurityContext InitializeSecurityContextA
982 #define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
983 #endif
984 
985 typedef SECURITY_STATUS(SEC_ENTRY* ACCEPT_SECURITY_CONTEXT_FN)(
986  PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq,
987  ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr,
988  PTimeStamp ptsTimeStamp);
989 
990 typedef SECURITY_STATUS(SEC_ENTRY* COMPLETE_AUTH_TOKEN_FN)(PCtxtHandle phContext,
991  PSecBufferDesc pToken);
992 
993 typedef SECURITY_STATUS(SEC_ENTRY* DELETE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
994 
995 typedef SECURITY_STATUS(SEC_ENTRY* APPLY_CONTROL_TOKEN_FN)(PCtxtHandle phContext,
996  PSecBufferDesc pInput);
997 
998 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext,
999  ULONG ulAttribute, void* pBuffer);
1000 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext,
1001  ULONG ulAttribute, void* pBuffer);
1002 
1003 #ifdef UNICODE
1004 #define QueryContextAttributes QueryContextAttributesW
1005 #define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W
1006 #else
1007 #define QueryContextAttributes QueryContextAttributesA
1008 #define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
1009 #endif
1010 
1011 typedef SECURITY_STATUS(SEC_ENTRY* IMPERSONATE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
1012 
1013 typedef SECURITY_STATUS(SEC_ENTRY* REVERT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
1014 
1015 typedef SECURITY_STATUS(SEC_ENTRY* MAKE_SIGNATURE_FN)(PCtxtHandle phContext, ULONG fQOP,
1016  PSecBufferDesc pMessage, ULONG MessageSeqNo);
1017 
1018 typedef SECURITY_STATUS(SEC_ENTRY* VERIFY_SIGNATURE_FN)(PCtxtHandle phContext,
1019  PSecBufferDesc pMessage, ULONG MessageSeqNo,
1020  PULONG pfQOP);
1021 
1022 typedef SECURITY_STATUS(SEC_ENTRY* FREE_CONTEXT_BUFFER_FN)(void* pvContextBuffer);
1023 
1024 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_A)(SEC_CHAR* pszPackageName,
1025  PSecPkgInfoA* ppPackageInfo);
1026 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR* pszPackageName,
1027  PSecPkgInfoW* ppPackageInfo);
1028 
1029 #ifdef UNICODE
1030 #define QuerySecurityPackageInfo QuerySecurityPackageInfoW
1031 #define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W
1032 #else
1033 #define QuerySecurityPackageInfo QuerySecurityPackageInfoA
1034 #define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
1035 #endif
1036 
1037 typedef SECURITY_STATUS(SEC_ENTRY* EXPORT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext, ULONG fFlags,
1038  PSecBuffer pPackedContext,
1039  HANDLE* pToken);
1040 
1041 typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_A)(SEC_CHAR* pszPackage,
1042  PSecBuffer pPackedContext,
1043  HANDLE pToken,
1044  PCtxtHandle phContext);
1045 typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* pszPackage,
1046  PSecBuffer pPackedContext,
1047  HANDLE pToken,
1048  PCtxtHandle phContext);
1049 
1050 #ifdef UNICODE
1051 #define ImportSecurityContext ImportSecurityContextW
1052 #define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W
1053 #else
1054 #define ImportSecurityContext ImportSecurityContextA
1055 #define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
1056 #endif
1057 
1058 typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_A)(
1059  PCredHandle hCredentials, SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, UINT32 fCredentialUse,
1060  void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);
1061 typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_W)(
1062  PCredHandle hCredentials, SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, UINT32 fCredentialUse,
1063  void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);
1064 
1065 #ifdef UNICODE
1066 #define AddCredentials AddCredentialsW
1067 #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
1068 #else
1069 #define AddCredentials AddCredentialsA
1070 #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
1071 #endif
1072 
1073 typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_CONTEXT_TOKEN_FN)(PCtxtHandle phContext,
1074  HANDLE* phToken);
1075 
1076 typedef SECURITY_STATUS(SEC_ENTRY* ENCRYPT_MESSAGE_FN)(PCtxtHandle phContext, ULONG fQOP,
1077  PSecBufferDesc pMessage, ULONG MessageSeqNo);
1078 
1079 typedef SECURITY_STATUS(SEC_ENTRY* DECRYPT_MESSAGE_FN)(PCtxtHandle phContext,
1080  PSecBufferDesc pMessage, ULONG MessageSeqNo,
1081  PULONG pfQOP);
1082 
1083 typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext,
1084  ULONG ulAttribute, void* pBuffer,
1085  ULONG cbBuffer);
1086 typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext,
1087  ULONG ulAttribute, void* pBuffer,
1088  ULONG cbBuffer);
1089 
1090 #ifdef UNICODE
1091 #define SetContextAttributes SetContextAttributesW
1092 #define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W
1093 #else
1094 #define SetContextAttributes SetContextAttributesA
1095 #define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
1096 #endif
1097 
1098 typedef SECURITY_STATUS(SEC_ENTRY* SET_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential,
1099  ULONG ulAttribute,
1100  void* pBuffer, ULONG cbBuffer);
1101 
1102 typedef SECURITY_STATUS(SEC_ENTRY* SET_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential,
1103  ULONG ulAttribute,
1104  void* pBuffer, ULONG cbBuffer);
1105 
1106 #ifdef UNICODE
1107 #define SetCredentialsAttributes SetCredentialsAttributesW
1108 #define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_W
1109 #else
1110 #define SetCredentialsAttributes SetCredentialsAttributesA
1111 #define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_A
1112 #endif
1113 
1114 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION \
1115  1 /* Interface has all routines through DecryptMessage */
1116 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 \
1117  2 /* Interface has all routines through SetContextAttributes */
1118 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 \
1119  3 /* Interface has all routines through SetCredentialsAttributes */
1120 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 \
1121  4 /* Interface has all routines through ChangeAccountPassword */
1122 
1123 typedef struct
1124 {
1125  UINT32 dwVersion;
1126  ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
1127  QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
1128  ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
1129  FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
1130  void* Reserved2;
1131  INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
1132  ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
1133  COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
1134  DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
1135  APPLY_CONTROL_TOKEN_FN ApplyControlToken;
1136  QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
1137  IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
1138  REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
1139  MAKE_SIGNATURE_FN MakeSignature;
1140  VERIFY_SIGNATURE_FN VerifySignature;
1141  FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
1142  QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
1143  void* Reserved3;
1144  void* Reserved4;
1145  EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
1146  IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
1147  ADD_CREDENTIALS_FN_A AddCredentialsA;
1148  void* Reserved8;
1149  QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
1150  ENCRYPT_MESSAGE_FN EncryptMessage;
1151  DECRYPT_MESSAGE_FN DecryptMessage;
1152  SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
1153  SET_CREDENTIALS_ATTRIBUTES_FN_A SetCredentialsAttributesA;
1154 } SecurityFunctionTableA;
1155 typedef SecurityFunctionTableA* PSecurityFunctionTableA;
1156 
1157 typedef struct
1158 {
1159  UINT32 dwVersion;
1160  ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
1161  QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
1162  ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
1163  FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
1164  void* Reserved2;
1165  INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
1166  ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
1167  COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
1168  DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
1169  APPLY_CONTROL_TOKEN_FN ApplyControlToken;
1170  QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
1171  IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
1172  REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
1173  MAKE_SIGNATURE_FN MakeSignature;
1174  VERIFY_SIGNATURE_FN VerifySignature;
1175  FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
1176  QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
1177  void* Reserved3;
1178  void* Reserved4;
1179  EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
1180  IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
1181  ADD_CREDENTIALS_FN_W AddCredentialsW;
1182  void* Reserved8;
1183  QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
1184  ENCRYPT_MESSAGE_FN EncryptMessage;
1185  DECRYPT_MESSAGE_FN DecryptMessage;
1186  SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
1187  SET_CREDENTIALS_ATTRIBUTES_FN_W SetCredentialsAttributesW;
1188 } SecurityFunctionTableW;
1189 typedef SecurityFunctionTableW* PSecurityFunctionTableW;
1190 
1191 typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_A)(void);
1192 typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_W)(void);
1193 
1194 #ifdef UNICODE
1195 #define InitSecurityInterface InitSecurityInterfaceW
1196 #define SecurityFunctionTable SecurityFunctionTableW
1197 #define PSecurityFunctionTable PSecurityFunctionTableW
1198 #define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W
1199 #else
1200 #define InitSecurityInterface InitSecurityInterfaceA
1201 #define SecurityFunctionTable SecurityFunctionTableA
1202 #define PSecurityFunctionTable PSecurityFunctionTableA
1203 #define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
1204 #endif
1205 
1206 #ifdef __cplusplus
1207 extern "C"
1208 {
1209 #endif
1210 
1211 #ifdef SSPI_DLL
1212 
1213  /* Package Management */
1214 
1215  WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesA(ULONG* pcPackages,
1216  PSecPkgInfoA* ppPackageInfo);
1217  WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesW(ULONG* pcPackages,
1218  PSecPkgInfoW* ppPackageInfo);
1219 
1220  WINPR_API PSecurityFunctionTableA SEC_ENTRY InitSecurityInterfaceA(void);
1221  WINPR_API PSecurityFunctionTableW SEC_ENTRY InitSecurityInterfaceW(void);
1222 
1223  WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName,
1224  PSecPkgInfoA* ppPackageInfo);
1225  WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName,
1226  PSecPkgInfoW* ppPackageInfo);
1227 
1228  /* Credential Management */
1229 
1230  WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleA(
1231  SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
1232  void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
1233  PTimeStamp ptsExpiry);
1234  WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleW(
1235  SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
1236  void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
1237  PTimeStamp ptsExpiry);
1238 
1239  WINPR_API SECURITY_STATUS SEC_ENTRY ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags,
1240  PSecBuffer pPackedContext,
1241  HANDLE* pToken);
1242  WINPR_API SECURITY_STATUS SEC_ENTRY FreeCredentialsHandle(PCredHandle phCredential);
1243 
1244  WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextA(SEC_CHAR* pszPackage,
1245  PSecBuffer pPackedContext,
1246  HANDLE pToken,
1247  PCtxtHandle phContext);
1248  WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextW(SEC_WCHAR* pszPackage,
1249  PSecBuffer pPackedContext,
1250  HANDLE pToken,
1251  PCtxtHandle phContext);
1252 
1253  WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesA(PCredHandle phCredential,
1254  ULONG ulAttribute,
1255  void* pBuffer);
1256  WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesW(PCredHandle phCredential,
1257  ULONG ulAttribute,
1258  void* pBuffer);
1259 
1260  /* Context Management */
1261 
1262  WINPR_API SECURITY_STATUS SEC_ENTRY
1263  AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
1264  ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
1265  PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp);
1266 
1267  WINPR_API SECURITY_STATUS SEC_ENTRY ApplyControlToken(PCtxtHandle phContext,
1268  PSecBufferDesc pInput);
1269  WINPR_API SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext,
1270  PSecBufferDesc pToken);
1271  WINPR_API SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext);
1272  WINPR_API SECURITY_STATUS SEC_ENTRY FreeContextBuffer(void* pvContextBuffer);
1273  WINPR_API SECURITY_STATUS SEC_ENTRY ImpersonateSecurityContext(PCtxtHandle phContext);
1274 
1275  WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextA(
1276  PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
1277  ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
1278  PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr,
1279  PTimeStamp ptsExpiry);
1280  WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextW(
1281  PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName,
1282  ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput,
1283  ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr,
1284  PTimeStamp ptsExpiry);
1285 
1286  WINPR_API SECURITY_STATUS SEC_ENTRY QueryContextAttributes(PCtxtHandle phContext,
1287  ULONG ulAttribute, void* pBuffer);
1288  WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityContextToken(PCtxtHandle phContext,
1289  HANDLE* phToken);
1290  WINPR_API SECURITY_STATUS SEC_ENTRY SetContextAttributes(PCtxtHandle phContext,
1291  ULONG ulAttribute, void* pBuffer,
1292  ULONG cbBuffer);
1293  WINPR_API SECURITY_STATUS SEC_ENTRY RevertSecurityContext(PCtxtHandle phContext);
1294 
1295  /* Message Support */
1296 
1297  WINPR_API SECURITY_STATUS SEC_ENTRY DecryptMessage(PCtxtHandle phContext,
1298  PSecBufferDesc pMessage, ULONG MessageSeqNo,
1299  PULONG pfQOP);
1300  WINPR_API SECURITY_STATUS SEC_ENTRY EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
1301  PSecBufferDesc pMessage, ULONG MessageSeqNo);
1302  WINPR_API SECURITY_STATUS SEC_ENTRY MakeSignature(PCtxtHandle phContext, ULONG fQOP,
1303  PSecBufferDesc pMessage, ULONG MessageSeqNo);
1304  WINPR_API SECURITY_STATUS SEC_ENTRY VerifySignature(PCtxtHandle phContext,
1305  PSecBufferDesc pMessage, ULONG MessageSeqNo,
1306  PULONG pfQOP);
1307 
1308 #endif /* SSPI_DLL */
1309 
1310 #ifdef __cplusplus
1311 }
1312 #endif
1313 
1314 #endif
1315 
1316 #ifdef __cplusplus
1317 extern "C"
1318 {
1319 #endif
1320 
1321  /* Custom API */
1322 
1323 /* Extended SECPKG_ATTR IDs begin at 1000 */
1324 #define SECPKG_ATTR_AUTH_IDENTITY 1001
1325 #define SECPKG_ATTR_AUTH_PASSWORD 1002
1326 #define SECPKG_ATTR_AUTH_NTLM_HASH 1003
1327 #define SECPKG_ATTR_AUTH_NTLM_MESSAGE 1100
1328 #define SECPKG_ATTR_AUTH_NTLM_TIMESTAMP 1101
1329 #define SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE 1102
1330 #define SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE 1103
1331 #define SECPKG_ATTR_AUTH_NTLM_NTPROOF_VALUE 1104
1332 #define SECPKG_ATTR_AUTH_NTLM_RANDKEY 1105
1333 #define SECPKG_ATTR_AUTH_NTLM_MIC 1106
1334 #define SECPKG_ATTR_AUTH_NTLM_MIC_VALUE 1107
1335 
1336 #define SECPKG_CRED_ATTR_TICKET_LOGON 1200
1337 
1338  typedef struct
1339  {
1340  char User[256 + 1];
1341  char Domain[256 + 1];
1342  } SecPkgContext_AuthIdentity;
1343 
1344  typedef struct
1345  {
1346  char Password[256 + 1];
1347  } SecPkgContext_AuthPassword;
1348 
1349  typedef struct
1350  {
1351  int Version;
1352  BYTE NtlmHash[16];
1353  } SecPkgContext_AuthNtlmHash;
1354 
1355  typedef struct
1356  {
1357  BYTE Timestamp[8];
1358  BOOL ChallengeOrResponse;
1359  } SecPkgContext_AuthNtlmTimestamp;
1360 
1361  typedef struct
1362  {
1363  BYTE ClientChallenge[8];
1364  } SecPkgContext_AuthNtlmClientChallenge;
1365 
1366  typedef struct
1367  {
1368  BYTE ServerChallenge[8];
1369  } SecPkgContext_AuthNtlmServerChallenge;
1370 
1371  typedef struct
1372  {
1373  UINT32 type;
1374  UINT32 length;
1375  BYTE* buffer;
1376  } SecPkgContext_AuthNtlmMessage;
1377 
1378 #define SSPI_INTERFACE_WINPR 0x00000001
1379 #define SSPI_INTERFACE_NATIVE 0x00000002
1380 
1381  typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_A)(DWORD flags);
1382  typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_W)(DWORD flags);
1383 
1384  WINPR_API void sspi_GlobalInit(void);
1385  WINPR_API void sspi_GlobalFinish(void);
1386 
1387  WINPR_API void* sspi_SecBufferAlloc(PSecBuffer SecBuffer, ULONG size);
1388  WINPR_API void sspi_SecBufferFree(PSecBuffer SecBuffer);
1389 
1390 #define sspi_SetAuthIdentity sspi_SetAuthIdentityA
1391  WINPR_API int sspi_SetAuthIdentityA(SEC_WINNT_AUTH_IDENTITY* identity, const char* user,
1392  const char* domain, const char* password);
1393  WINPR_API int sspi_SetAuthIdentityW(SEC_WINNT_AUTH_IDENTITY* identity, const WCHAR* user,
1394  const WCHAR* domain, const WCHAR* password);
1395  WINPR_API int sspi_SetAuthIdentityWithLengthW(SEC_WINNT_AUTH_IDENTITY* identity,
1396  const WCHAR* user, size_t userLen,
1397  const WCHAR* domain, size_t domainLen,
1398  const WCHAR* password, size_t passwordLen);
1399  WINPR_API UINT32 sspi_GetAuthIdentityVersion(const void* identity);
1400  WINPR_API UINT32 sspi_GetAuthIdentityFlags(const void* identity);
1401  WINPR_API BOOL sspi_GetAuthIdentityUserDomainW(const void* identity, const WCHAR** pUser,
1402  UINT32* pUserLength, const WCHAR** pDomain,
1403  UINT32* pDomainLength);
1404  WINPR_API BOOL sspi_GetAuthIdentityUserDomainA(const void* identity, const char** pUser,
1405  UINT32* pUserLength, const char** pDomain,
1406  UINT32* pDomainLength);
1407  WINPR_API BOOL sspi_GetAuthIdentityPasswordW(const void* identity, const WCHAR** pPassword,
1408  UINT32* pPasswordLength);
1409  WINPR_API BOOL sspi_GetAuthIdentityPasswordA(const void* identity, const char** pPassword,
1410  UINT32* pPasswordLength);
1411  WINPR_API BOOL sspi_CopyAuthIdentityFieldsA(const SEC_WINNT_AUTH_IDENTITY_INFO* identity,
1412  char** pUser, char** pDomain, char** pPassword);
1413  WINPR_API BOOL sspi_CopyAuthIdentityFieldsW(const SEC_WINNT_AUTH_IDENTITY_INFO* identity,
1414  WCHAR** pUser, WCHAR** pDomain, WCHAR** pPassword);
1415  WINPR_API BOOL sspi_CopyAuthPackageListA(const SEC_WINNT_AUTH_IDENTITY_INFO* identity,
1416  char** pPackageList);
1417  WINPR_API int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity,
1418  const SEC_WINNT_AUTH_IDENTITY_INFO* srcIdentity);
1419 
1420  WINPR_API void sspi_FreeAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity);
1421 
1422  WINPR_API const char* GetSecurityStatusString(SECURITY_STATUS status);
1423 
1424  WINPR_API SecurityFunctionTableW* SEC_ENTRY InitSecurityInterfaceExW(DWORD flags);
1425  WINPR_API SecurityFunctionTableA* SEC_ENTRY InitSecurityInterfaceExA(DWORD flags);
1426 
1427 #ifdef UNICODE
1428 #define InitSecurityInterfaceEx InitSecurityInterfaceExW
1429 #define INIT_SECURITY_INTERFACE_EX INIT_SECURITY_INTERFACE_EX_W
1430 #else
1431 #define InitSecurityInterfaceEx InitSecurityInterfaceExA
1432 #define INIT_SECURITY_INTERFACE_EX INIT_SECURITY_INTERFACE_EX_A
1433 #endif
1434 
1435 #ifdef __cplusplus
1436 }
1437 #endif
1438 
1439 #endif /* WINPR_SSPI_H */
SECURITY_INTEGER
Definition: include/winpr/sspi.h:51
SEC_CHANNEL_BINDINGS
Definition: include/winpr/sspi.h:348
SEC_WINNT_AUTH_IDENTITY_A
Definition: include/winpr/sspi.h:688
SEC_WINNT_AUTH_IDENTITY_EX2
Definition: include/winpr/sspi.h:757
SEC_WINNT_AUTH_IDENTITY_EXA
Definition: include/winpr/sspi.h:729
SEC_WINNT_AUTH_IDENTITY_EXW
Definition: include/winpr/sspi.h:714
SEC_WINNT_AUTH_IDENTITY_WINPR
Definition: include/winpr/sspi.h:882
SEC_WINNT_AUTH_IDENTITY_W
Definition: include/winpr/sspi.h:677
SEC_WINPR_KERBEROS_SETTINGS
Definition: include/winpr/sspi.h:867
SEC_WINPR_NTLM_SETTINGS
Definition: include/winpr/sspi.h:860
SecPkgContex_DceInfo
Definition: include/winpr/sspi.h:342
SecPkgContext_AccessToken
Definition: include/winpr/sspi.h:301
SecPkgContext_AuthIdentity
Definition: include/winpr/sspi.h:1339
SecPkgContext_AuthNtlmClientChallenge
Definition: include/winpr/sspi.h:1362
SecPkgContext_AuthNtlmHash
Definition: include/winpr/sspi.h:1350
SecPkgContext_AuthNtlmMessage
Definition: include/winpr/sspi.h:1372
SecPkgContext_AuthNtlmServerChallenge
Definition: include/winpr/sspi.h:1367
SecPkgContext_AuthNtlmTimestamp
Definition: include/winpr/sspi.h:1356
SecPkgContext_AuthPassword
Definition: include/winpr/sspi.h:1345
SecPkgContext_Authority
Definition: include/winpr/sspi.h:313
SecPkgContext_Bindings
Definition: include/winpr/sspi.h:552
SecPkgContext_ClientCreds
Definition: include/winpr/sspi.h:336
SecPkgContext_ClientSpecifiedTarget
Definition: include/winpr/sspi.h:318
SecPkgContext_ConnectionInfo
Definition: include/winpr/sspi.h:325
SecPkgContext_EapKeyBlock
Definition: include/winpr/sspi.h:360
SecPkgContext_Flags
Definition: include/winpr/sspi.h:366
SecPkgContext_KeyInfo
Definition: include/winpr/sspi.h:371
SecPkgContext_Lifespan
Definition: include/winpr/sspi.h:380
SecPkgContext_Names
Definition: include/winpr/sspi.h:386
SecPkgContext_NativeNames
Definition: include/winpr/sspi.h:391
SecPkgContext_NegotiationInfo
Definition: include/winpr/sspi.h:397
SecPkgContext_PackageInfo
Definition: include/winpr/sspi.h:403
SecPkgContext_PasswordExpiry
Definition: include/winpr/sspi.h:408
SecPkgContext_SessionAppData
Definition: include/winpr/sspi.h:306
SecPkgContext_SessionInfo
Definition: include/winpr/sspi.h:419
SecPkgContext_SessionKey
Definition: include/winpr/sspi.h:413
SecPkgContext_Sizes
Definition: include/winpr/sspi.h:426
SecPkgContext_StreamSizes
Definition: include/winpr/sspi.h:434
SecPkgContext_SubjectAttributes
Definition: include/winpr/sspi.h:443
SecPkgContext_SupportedSignatures
Definition: include/winpr/sspi.h:448
SecPkgContext_TargetInformation
Definition: include/winpr/sspi.h:454
SecPkgCredentials_Cert
Definition: include/winpr/sspi.h:509
SecPkgCredentials_KdcProxySettingsA
Definition: include/winpr/sspi.h:534
SecPkgCredentials_KdcProxySettingsW
Definition: include/winpr/sspi.h:524
SecPkgCredentials_NamesA
Definition: include/winpr/sspi.h:467
SecPkgCredentials_NamesW
Definition: include/winpr/sspi.h:473
SecPkgCredentials_SSIProviderA
Definition: include/winpr/sspi.h:494
SecPkgCredentials_SSIProviderW
Definition: include/winpr/sspi.h:487
SEC_WINNT_AUTH_IDENTITY_INFO
Definition: include/winpr/sspi.h:780