dlls/secur32/secur32_priv.h

   1 /*
   2  * secur32 private definitions.
   3  *
   4  * Copyright (C) 2004 Juan Lang
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2.1 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, write to the Free Software
  18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  19  */
  20
  21 #ifndef __SECUR32_PRIV_H__
  22 #define __SECUR32_PRIV_H__
  23
  24 #include <sys/types.h>
  25 #include <limits.h>
  26 #include "wine/heap.h"
  27 #include "wine/list.h"
  28 #include "schannel.h"
  29
  30 typedef struct _SecureProvider
  31 {
  32     struct list             entry;
  33     BOOL                    loaded;
  34     PWSTR                   moduleName;
  35     HMODULE                 lib;
  36     SecurityFunctionTableA  fnTableA;
  37     SecurityFunctionTableW  fnTableW;
  38 } SecureProvider;
  39
  40 typedef struct _SecurePackage
  41 {
  42     struct list     entry;
  43     SecPkgInfoW     infoW;
  44     SecureProvider *provider;
  45 } SecurePackage;
  46
  47 typedef enum _helper_mode {
  48     NTLM_SERVER,
  49     NTLM_CLIENT,
  50     NUM_HELPER_MODES
  51 } HelperMode;
  52
  53 typedef struct tag_arc4_info {
  54     unsigned char x, y;
  55     unsigned char state[256];
  56 } arc4_info;
  57
  58 typedef struct _NegoHelper {
  59     pid_t helper_pid;
  60     HelperMode mode;
  61     int pipe_in;
  62     int pipe_out;
  63     int major;
  64     int minor;
  65     int micro;
  66     char *com_buf;
  67     int com_buf_size;
  68     int com_buf_offset;
  69     BYTE *session_key;
  70     ULONG neg_flags;
  71     struct {
  72         struct {
  73             ULONG seq_num;
  74             arc4_info *a4i;
  75         } ntlm;
  76         struct {
  77             BYTE *send_sign_key;
  78             BYTE *send_seal_key;
  79             BYTE *recv_sign_key;
  80             BYTE *recv_seal_key;
  81             ULONG send_seq_no;
  82             ULONG recv_seq_no;
  83             arc4_info *send_a4i;
  84             arc4_info *recv_a4i;
  85         } ntlm2;
  86     } crypt;
  87 } NegoHelper, *PNegoHelper;
  88
  89 typedef struct _NtlmCredentials
  90 {
  91     HelperMode mode;
  92
  93     /* these are all in the Unix codepage */
  94     char *username_arg;
  95     char *domain_arg;
  96     char *password; /* not nul-terminated */
  97     int pwlen;
  98     int no_cached_credentials; /* don't try to use cached Samba credentials */
  99 } NtlmCredentials, *PNtlmCredentials;
 100
 101 typedef enum _sign_direction {
 102     NTLM_SEND,
 103     NTLM_RECV
 104 } SignDirection;
 105
 106 /* Allocates space for and initializes a new provider.  If fnTableA or fnTableW
 107  * is non-NULL, assumes the provider is built-in, and if moduleName is non-NULL,
 108  * means must load the LSA/user mode functions tables from external SSP/AP module.
 109  * Otherwise moduleName must not be NULL.
 110  * Returns a pointer to the stored provider entry, for use adding packages.
 111  */
 112 SecureProvider *SECUR32_addProvider(const SecurityFunctionTableA *fnTableA,
 113  const SecurityFunctionTableW *fnTableW, PCWSTR moduleName) DECLSPEC_HIDDEN;
 114
 115 /* Allocates space for and adds toAdd packages with the given provider.
 116  * provider must not be NULL, and either infoA or infoW may be NULL, but not
 117  * both.
 118  */
 119 void SECUR32_addPackages(SecureProvider *provider, ULONG toAdd,
 120  const SecPkgInfoA *infoA, const SecPkgInfoW *infoW) DECLSPEC_HIDDEN;
 121
 122 /* Tries to find the package named packageName.  If it finds it, implicitly
 123  * loads the package if it isn't already loaded.
 124  */
 125 SecurePackage *SECUR32_findPackageW(PCWSTR packageName) DECLSPEC_HIDDEN;
 126
 127 /* Tries to find the package named packageName.  (Thunks to _findPackageW)
 128  */
 129 SecurePackage *SECUR32_findPackageA(PCSTR packageName) DECLSPEC_HIDDEN;
 130
 131 /* A few string helpers; will return NULL if str is NULL.  Free return with
 132  * HeapFree */
 133 PWSTR SECUR32_AllocWideFromMultiByte(PCSTR str) DECLSPEC_HIDDEN;
 134 PSTR  SECUR32_AllocMultiByteFromWide(PCWSTR str) DECLSPEC_HIDDEN;
 135
 136 /* Initialization functions for built-in providers */
 137 void SECUR32_initSchannelSP(void) DECLSPEC_HIDDEN;
 138 void SECUR32_initNegotiateSP(void) DECLSPEC_HIDDEN;
 139 void SECUR32_initNTLMSP(void) DECLSPEC_HIDDEN;
 140 void load_auth_packages(void) DECLSPEC_HIDDEN;
 141
 142 /* Cleanup functions for built-in providers */
 143 void SECUR32_deinitSchannelSP(void) DECLSPEC_HIDDEN;
 144
 145 /* Functions from dispatcher.c used elsewhere in the code */
 146 SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
 147         char * const argv[]) DECLSPEC_HIDDEN;
 148
 149 SECURITY_STATUS run_helper(PNegoHelper helper, char *buffer,
 150         unsigned int max_buflen, int *buflen) DECLSPEC_HIDDEN;
 151
 152 void cleanup_helper(PNegoHelper helper) DECLSPEC_HIDDEN;
 153
 154 void check_version(PNegoHelper helper) DECLSPEC_HIDDEN;
 155
 156 /* Functions from base64_codec.c used elsewhere */
 157 SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char* out_buf,
 158         int max_len, int *out_len) DECLSPEC_HIDDEN;
 159
 160 SECURITY_STATUS decodeBase64(char *in_buf, int in_len, BYTE *out_buf,
 161         int max_len, int *out_len) DECLSPEC_HIDDEN;
 162
 163 /* Functions from util.c */
 164 SECURITY_STATUS SECUR32_CreateNTLM1SessionKey(PBYTE password, int len, PBYTE session_key) DECLSPEC_HIDDEN;
 165 SECURITY_STATUS SECUR32_CreateNTLM2SubKeys(PNegoHelper helper) DECLSPEC_HIDDEN;
 166 arc4_info *SECUR32_arc4Alloc(void) DECLSPEC_HIDDEN;
 167 void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen) DECLSPEC_HIDDEN;
 168 void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length) DECLSPEC_HIDDEN;
 169 void SECUR32_arc4Cleanup(arc4_info *a4i) DECLSPEC_HIDDEN;
 170
 171 /* NTLMSSP flags indicating the negotiated features */
 172 #define NTLMSSP_NEGOTIATE_UNICODE                   0x00000001
 173 #define NTLMSSP_NEGOTIATE_OEM                       0x00000002
 174 #define NTLMSSP_REQUEST_TARGET                      0x00000004
 175 #define NTLMSSP_NEGOTIATE_SIGN                      0x00000010
 176 #define NTLMSSP_NEGOTIATE_SEAL                      0x00000020
 177 #define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE            0x00000040
 178 #define NTLMSSP_NEGOTIATE_LM_SESSION_KEY            0x00000080
 179 #define NTLMSSP_NEGOTIATE_NTLM                      0x00000200
 180 #define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED           0x00001000
 181 #define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED      0x00002000
 182 #define NTLMSSP_NEGOTIATE_LOCAL_CALL                0x00004000
 183 #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN               0x00008000
 184 #define NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN        0x00010000
 185 #define NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER        0x00020000
 186 #define NTLMSSP_NEGOTIATE_NTLM2                     0x00080000
 187 #define NTLMSSP_NEGOTIATE_TARGET_INFO               0x00800000
 188 #define NTLMSSP_NEGOTIATE_128                       0x20000000
 189 #define NTLMSSP_NEGOTIATE_KEY_EXCHANGE              0x40000000
 190 #define NTLMSSP_NEGOTIATE_56                        0x80000000
 191
 192
 193 /* schannel internal interface */
 194 typedef struct schan_imp_session_opaque *schan_imp_session;
 195
 196 typedef struct schan_credentials
 197 {
 198     ULONG credential_use;
 199     void *credentials;
 200     DWORD enabled_protocols;
 201 } schan_credentials;
 202
 203 struct schan_transport;
 204
 205 struct schan_buffers
 206 {
 207     SIZE_T offset;
 208     SIZE_T limit;
 209     const SecBufferDesc *desc;
 210     int current_buffer_idx;
 211     BOOL allow_buffer_resize;
 212     int (*get_next_buffer)(const struct schan_transport *, struct schan_buffers *);
 213 };
 214
 215 struct schan_transport
 216 {
 217     struct schan_context *ctx;
 218     struct schan_buffers in;
 219     struct schan_buffers out;
 220 };
 221
 222 char *schan_get_buffer(const struct schan_transport *t, struct schan_buffers *s, SIZE_T *count) DECLSPEC_HIDDEN;
 223 extern int schan_pull(struct schan_transport *t, void *buff, size_t *buff_len) DECLSPEC_HIDDEN;
 224 extern int schan_push(struct schan_transport *t, const void *buff, size_t *buff_len) DECLSPEC_HIDDEN;
 225
 226 extern schan_imp_session schan_session_for_transport(struct schan_transport* t) DECLSPEC_HIDDEN;
 227
 228 /* schannel implementation interface */
 229 extern BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred) DECLSPEC_HIDDEN;
 230 extern void schan_imp_dispose_session(schan_imp_session session) DECLSPEC_HIDDEN;
 231 extern void schan_imp_set_session_transport(schan_imp_session session,
 232                                             struct schan_transport *t) DECLSPEC_HIDDEN;
 233 extern void schan_imp_set_session_target(schan_imp_session session, const char *target) DECLSPEC_HIDDEN;
 234 extern SECURITY_STATUS schan_imp_handshake(schan_imp_session session) DECLSPEC_HIDDEN;
 235 extern unsigned int schan_imp_get_session_cipher_block_size(schan_imp_session session) DECLSPEC_HIDDEN;
 236 extern unsigned int schan_imp_get_max_message_size(schan_imp_session session) DECLSPEC_HIDDEN;
 237 extern ALG_ID schan_imp_get_key_signature_algorithm(schan_imp_session session) DECLSPEC_HIDDEN;
 238 extern SECURITY_STATUS schan_imp_get_connection_info(schan_imp_session session,
 239                                                      SecPkgContext_ConnectionInfo *info) DECLSPEC_HIDDEN;
 240 extern SECURITY_STATUS schan_imp_get_session_peer_certificate(schan_imp_session session, HCERTSTORE,
 241                                                               PCCERT_CONTEXT *cert) DECLSPEC_HIDDEN;
 242 extern SECURITY_STATUS schan_imp_send(schan_imp_session session, const void *buffer,
 243                                       SIZE_T *length) DECLSPEC_HIDDEN;
 244 extern SECURITY_STATUS schan_imp_recv(schan_imp_session session, void *buffer,
 245                                       SIZE_T *length) DECLSPEC_HIDDEN;
 246 extern BOOL schan_imp_allocate_certificate_credentials(schan_credentials *, const CERT_CONTEXT *) DECLSPEC_HIDDEN;
 247 extern void schan_imp_free_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
 248 extern DWORD schan_imp_enabled_protocols(void) DECLSPEC_HIDDEN;
 249 extern BOOL schan_imp_init(void) DECLSPEC_HIDDEN;
 250 extern void schan_imp_deinit(void) DECLSPEC_HIDDEN;
 251 extern void schan_imp_set_application_protocols(schan_imp_session, unsigned char *, unsigned int) DECLSPEC_HIDDEN;
 252 extern SECURITY_STATUS schan_imp_get_application_protocol(schan_imp_session,
 253                                                           SecPkgContext_ApplicationProtocol *) DECLSPEC_HIDDEN;
 254
 255 #endif /* ndef __SECUR32_PRIV_H__ */