Commit | Line | Data |
---|---|---|
3e5d7cdf | 1 | // Copyright (C) 2002 Microsoft Corporation |
2 | // All rights reserved. | |
3 | // | |
4 | // THIS CODE AND INFORMATION IS PROVIDED "AS IS" | |
5 | // WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED | |
6 | // OR IMPLIED, INCLUDING BUT NOT LIMITED | |
7 | // TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY | |
8 | // AND/OR FITNESS FOR A PARTICULAR PURPOSE. | |
9 | // | |
10 | // Date - 10/08/2002 | |
11 | // Author - Sanj Surati | |
12 | ||
13 | ///////////////////////////////////////////////////////////// | |
14 | // | |
15 | // SPNEGO.H | |
16 | // | |
17 | // SPNEGO Token Handler Header File | |
18 | // | |
19 | // Contains the definitions required to interpret and create | |
20 | // SPNEGO tokens so that Kerberos GSS tokens can be | |
21 | // Unpackaged/packaged. | |
22 | // | |
23 | ///////////////////////////////////////////////////////////// | |
24 | ||
25 | #ifndef __SPNEGO_H__ | |
26 | #define __SPNEGO_H__ | |
27 | ||
28 | // C++ Specific | |
29 | #if defined(__cplusplus) | |
e1381638 | 30 | extern "C" { |
3e5d7cdf | 31 | #endif |
32 | ||
33 | // Type Definitions | |
34 | ||
35 | // | |
36 | // Opaque token handle. Users of the SPNEGO Token Handler API request | |
37 | // these (through the phSpnegoToken out-parameters below) and free them with spnegoFreeData(). | |
38 | // NOTE(review): being a void*, a stale or unrelated pointer passed as a handle is not caught at compile time. | |
26ac0430 | 39 | typedef void* SPNEGO_TOKEN_HANDLE; |
3e5d7cdf | 40 | |
41 | // | |
42 | // Defines the element types that are found | |
43 | // in each of the tokens. | |
44 | // | |
45 | ||
26ac0430 AJ |
46 | typedef enum spnego_element_type { |
47 | spnego_element_min, // Lower bound | |
3e5d7cdf | 48 | |
26ac0430 AJ |
49 | // Init token elements |
50 | spnego_init_mechtypes, | |
51 | spnego_init_reqFlags, | |
52 | spnego_init_mechToken, | |
53 | spnego_init_mechListMIC, | |
3e5d7cdf | 54 | |
26ac0430 AJ |
55 | // Targ token elements |
56 | spnego_targ_negResult, | |
57 | spnego_targ_supportedMech, | |
58 | spnego_targ_responseToken, | |
59 | spnego_targ_mechListMIC, | |
3e5d7cdf | 60 | |
26ac0430 | 61 | spnego_element_max // Upper bound |
3e5d7cdf | 62 | |
26ac0430 | 63 | } SPNEGO_ELEMENT_TYPE; |
3e5d7cdf | 64 | |
65 | // | |
66 | // Token Element Availability. Elements in both | |
67 | // token types are optional. Since there are only | |
68 | // 4 elements in each Token, we will allocate space | |
69 | // to hold the information, but we need a way to | |
70 | // indicate whether or not an element is available | |
71 | // | |
72 | ||
73 | #define SPNEGO_TOKEN_ELEMENT_UNAVAILABLE 0 | |
74 | #define SPNEGO_TOKEN_ELEMENT_AVAILABLE 1 | |
75 | ||
76 | // | |
77 | // Token type values. SPNEGO has 2 token types: | |
78 | // NegTokenInit and NegTokenTarg | |
79 | // | |
80 | ||
81 | #define SPNEGO_TOKEN_INIT 0 | |
82 | #define SPNEGO_TOKEN_TARG 1 | |
83 | ||
84 | // | |
85 | // GSS Mechanism OID enumeration. We only really handle | |
86 | // 3 different OIDs. These are stored in an array structure | |
87 | // defined in the parsing code. | |
88 | // | |
89 | ||
26ac0430 AJ |
90 | typedef enum spnego_mech_oid {
91 | // Mechanism OID identifiers (these are mechanisms, not token elements) | |
92 | spnego_mech_oid_Kerberos_V5_Legacy, // Really V5, but OID off by 1 bit | |
93 | spnego_mech_oid_Kerberos_V5, | |
94 | spnego_mech_oid_Spnego, | |
95 | spnego_mech_oid_NotUsed = -1 | |
3e5d7cdf | 96 | 
26ac0430 | 97 | } SPNEGO_MECH_OID; |
3e5d7cdf | 98 | |
99 | // | |
100 | // Defines the negResult values. | |
101 | // | |
102 | ||
26ac0430 AJ |
103 | typedef enum spnego_negResult { |
104 | spnego_negresult_success, | |
105 | spnego_negresult_incomplete, | |
106 | spnego_negresult_rejected, | |
107 | spnego_negresult_NotUsed = -1 | |
108 | } SPNEGO_NEGRESULT; | |
3e5d7cdf | 109 | |
110 | // | |
111 | // Context Flags in NegTokenInit | |
112 | // | |
113 | ||
114 | // | |
115 | // ContextFlags values MUST be zero or a combination | |
116 | // of the below | |
117 | // | |
118 | ||
119 | #define SPNEGO_NEGINIT_CONTEXT_DELEG_FLAG 0x80 | |
120 | #define SPNEGO_NEGINIT_CONTEXT_MUTUAL_FLAG 0x40 | |
121 | #define SPNEGO_NEGINIT_CONTEXT_REPLAY_FLAG 0x20 | |
122 | #define SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG 0x10 | |
123 | #define SPNEGO_NEGINIT_CONTEXT_ANON_FLAG 0x8 | |
124 | #define SPNEGO_NEGINIT_CONTEXT_CONF_FLAG 0x4 | |
125 | #define SPNEGO_NEGINIT_CONTEXT_INTEG_FLAG 0x2 | |
126 | ||
127 | // | |
128 | // Mask to retrieve valid values. A flags byte with a bit set outside this mask (only 0x01 remains) | |
129 | // does not satisfy the "zero or a combination of the below" rule stated for ContextFlags. | |
130 | ||
131 | #define SPNEGO_NEGINIT_CONTEXT_MASK 0xFE // Bitwise OR of the above flags | |
132 | ||
133 | // | |
134 | // SPNEGO API return codes. | |
135 | // | |
136 | ||
137 | // API function was successful | |
138 | #define SPNEGO_E_SUCCESS 0 | |
139 | ||
140 | // The supplied Token was invalid | |
141 | #define SPNEGO_E_INVALID_TOKEN -1 | |
142 | ||
143 | // An invalid length was encountered | |
144 | #define SPNEGO_E_INVALID_LENGTH -2 | |
145 | ||
146 | // The Token Parse failed | |
147 | #define SPNEGO_E_PARSE_FAILED -3 | |
148 | ||
149 | // The requested value was not found | |
150 | #define SPNEGO_E_NOT_FOUND -4 | |
151 | ||
152 | // The requested element is not available | |
153 | #define SPNEGO_E_ELEMENT_UNAVAILABLE -5 | |
154 | ||
155 | // Out of Memory | |
156 | #define SPNEGO_E_OUT_OF_MEMORY -6 | |
157 | ||
158 | // Not Implemented | |
159 | #define SPNEGO_E_NOT_IMPLEMENTED -7 | |
160 | ||
161 | // Invalid Parameter | |
162 | #define SPNEGO_E_INVALID_PARAMETER -8 | |
163 | ||
164 | // Token Handler encountered an unexpected OID | |
165 | #define SPNEGO_E_UNEXPECTED_OID -9 | |
166 | ||
167 | // The requested token was not found | |
168 | #define SPNEGO_E_TOKEN_NOT_FOUND -10 | |
169 | ||
170 | // An unexpected type was encountered in the encoding | |
171 | #define SPNEGO_E_UNEXPECTED_TYPE -11 | |
172 | ||
173 | // The buffer was too small | |
174 | #define SPNEGO_E_BUFFER_TOO_SMALL -12 | |
175 | ||
176 | // A Token Element was invalid (e.g. improper length or value) | |
177 | #define SPNEGO_E_INVALID_ELEMENT -13 | |
178 | ||
26ac0430 | 179 | /* Miscellaneous API Functions */ |
3e5d7cdf | 180 | |
181 | // Frees the opaque token data behind hSpnegoToken; the handle must not be used or freed again afterwards. | |
26ac0430 | 182 | void spnegoFreeData( SPNEGO_TOKEN_HANDLE hSpnegoToken ); |
3e5d7cdf | 183 | |
184 | // Initializes SPNEGO_TOKEN structure from DER encoded binary data. pbTokenData is typically peer-supplied and therefore untrusted: ulLength must be the number of bytes actually present in it, and the return code (SPNEGO_E_*) must be checked before *phSpnegoToken is used. | |
26ac0430 | 185 | int spnegoInitFromBinary( unsigned char* pbTokenData, unsigned long ulLength, SPNEGO_TOKEN_HANDLE* phSpnegoToken ); |
3e5d7cdf | 186 | |
187 | // Initializes SPNEGO_TOKEN structure for a NegTokenInit type using the | |
188 | // supplied parameters. ucContextFlags takes SPNEGO_NEGINIT_CONTEXT_* bits; ulMechTokenLen and ulMechTokenMIC are presumably the byte lengths of pbMechToken and pbMechTokenMIC (confirm). On success the caller frees *phSpnegoToken with spnegoFreeData(). | |
26ac0430 AJ |
189 | int spnegoCreateNegTokenInit( SPNEGO_MECH_OID MechType,
190 | unsigned char ucContextFlags, unsigned char* pbMechToken, | |
191 | unsigned long ulMechTokenLen, unsigned char* pbMechTokenMIC, | |
192 | unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE* phSpnegoToken ); | |
3e5d7cdf | 193 | |
194 | // Initializes SPNEGO_TOKEN structure for a NegTokenTarg type using the | |
195 | // supplied parameters. ulMechTokenLen and ulMechListMICLen are presumably the byte lengths of pbMechToken and pbMechListMIC (confirm). On success the caller frees *phSpnegoToken with spnegoFreeData(). | |
26ac0430 AJ |
196 | int spnegoCreateNegTokenTarg( SPNEGO_MECH_OID MechType,
197 | SPNEGO_NEGRESULT spnegoNegResult, unsigned char* pbMechToken, | |
198 | unsigned long ulMechTokenLen, unsigned char* pbMechListMIC, | |
199 | unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE* phSpnegoToken ); | |
3e5d7cdf | 200 | |
201 | // Copies binary representation of SPNEGO Data into user supplied buffer. NOTE(review): *pulDataLen presumably gives the size of pbTokenData on entry and the token size on return (cf. SPNEGO_E_BUFFER_TOO_SMALL) - confirm against the implementation; callers must pass the buffer's true size. | |
26ac0430 AJ |
202 | int spnegoTokenGetBinary( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData,
203 | unsigned long * pulDataLen ); | |
3e5d7cdf | 204 | |
205 | // Returns SPNEGO Token Type in *piTokenType (presumably SPNEGO_TOKEN_INIT or SPNEGO_TOKEN_TARG) | |
26ac0430 | 206 | int spnegoGetTokenType( SPNEGO_TOKEN_HANDLE hSpnegoToken, int * piTokenType ); |
3e5d7cdf | 207 | |
26ac0430 | 208 | /* Reading an Init Token */ |
3e5d7cdf | 209 | |
210 | // Returns the Initial Mech Type in the MechList element in the NegInitToken. NOTE(review): the name and signature suggest this instead looks up MechOID in the MechList and reports its position in *piMechTypeIndex - confirm. | |
26ac0430 | 211 | int spnegoIsMechTypeAvailable( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID MechOID, int * piMechTypeIndex ); |
3e5d7cdf | 212 | |
213 | // Returns the value from the context flags element in the NegInitToken as an unsigned char in *pucContextFlags (SPNEGO_NEGINIT_CONTEXT_* bits) | |
26ac0430 | 214 | int spnegoGetContextFlags( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pucContextFlags ); |
3e5d7cdf | 215 | |
26ac0430 | 216 | /* Reading a Response Token */ |
3e5d7cdf | 217 | |
218 | // Returns the value from the negResult element (Status code of GSS call - 0,1,2). Only spnego_negresult_success (0) is a completed negotiation; check the function's return code before reading *pnegResult. | |
26ac0430 | 219 | int spnegoGetNegotiationResult( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_NEGRESULT* pnegResult ); |
3e5d7cdf | 220 | |
221 | // Returns the Supported Mech Type from the NegTokenTarg. | |
26ac0430 | 222 | int spnegoGetSupportedMechType( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID* pMechOID ); |
3e5d7cdf | 223 | |
26ac0430 | 224 | /* Reading either Token Type */ |
3e5d7cdf | 225 | |
226 | // Returns the actual Mechanism data from the token (this is what is passed into GSS-API functions). NOTE(review): *pulDataLen presumably carries the size of pbTokenData in and the data length out - confirm; the data is unauthenticated until the GSS mechanism has validated it. | |
26ac0430 | 227 | int spnegoGetMechToken( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData, unsigned long* pulDataLen ); |
3e5d7cdf | 228 | |
229 | // Returns the Message Integrity BLOB in the token. No function declared in this header verifies the MIC, so verification is left to the caller. NOTE(review): *pulDataLen presumably carries the size of pbMICData in and the MIC length out - confirm. | |
26ac0430 | 230 | int spnegoGetMechListMIC( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbMICData, unsigned long* pulDataLen ); |
3e5d7cdf | 231 | |
232 | // C++ Specific | |
233 | #if defined(__cplusplus) | |
234 | } | |
235 | #endif | |
236 | #ifdef DEBUG | |
237 | #include <stdio.h> | |
26ac0430 AJ |
238 | #define PRERR(...) fprintf(stderr, __VA_ARGS__) |
239 | #define LOG(x) PRERR x | |
3e5d7cdf | 240 | #else |
26ac0430 | 241 | #define LOG(x) |
3e5d7cdf | 242 | #endif |
243 | #endif |