1 // Copyright (C) 2002 Microsoft Corporation 2 // All rights reserved. 3 // 4 // THIS CODE AND INFORMATION IS PROVIDED "AS IS" 5 // WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 6 // OR IMPLIED, INCLUDING BUT NOT LIMITED 7 // TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY 8 // AND/OR FITNESS FOR A PARTICULAR PURPOSE. 9 // 10 // Date - 10/08/2002 11 // Author - Sanj Surati 12 13 ///////////////////////////////////////////////////////////// 14 // 15 // SPNEGO.H 16 // 17 // SPNEGO Token Handler Header File 18 // 19 // Contains the definitions required to interpret and create 20 // SPNEGO tokens so that Kerberos GSS tokens can be 21 // Unpackaged/packaged. 22 // 23 ///////////////////////////////////////////////////////////// 24 25 #pragma ident "%Z%%M% %I% %E% SMI" 26 27 #ifndef __SPNEGO_H__ 28 #define __SPNEGO_H__ 29 30 // C++ Specific 31 #if defined(__cplusplus) 32 extern "C" 33 { 34 #endif 35 36 // Type Definitions 37 38 // 39 // Users of SPNEGO Token Handler API will request 40 // these as well as free them, 41 // 42 typedef void* SPNEGO_TOKEN_HANDLE; 43 44 // 45 // Defines the element types that are found 46 // in each of the tokens. 47 // 48 49 typedef enum spnego_element_type 50 { 51 spnego_element_min, // Lower bound 52 53 // Init token elements 54 spnego_init_mechtypes, 55 spnego_init_reqFlags, 56 spnego_init_mechToken, 57 spnego_init_mechListMIC, 58 59 // Targ token elements 60 spnego_targ_negResult, 61 spnego_targ_supportedMech, 62 spnego_targ_responseToken, 63 spnego_targ_mechListMIC, 64 65 spnego_element_max // Upper bound 66 67 } SPNEGO_ELEMENT_TYPE; 68 69 // 70 // Token Element Availability. Elements in both 71 // token types are optional. Since there are only 72 // 4 elements in each Token, we will allocate space 73 // to hold the information, but we need a way to 74 // indicate whether or not an element is available 75 // 76 77 #define SPNEGO_TOKEN_ELEMENT_UNAVAILABLE 0 78 #define SPNEGO_TOKEN_ELEMENT_AVAILABLE 1 79 80 // 81 // Token type values. SPNEGO has 2 token types: 82 // NegTokenInit and NegTokenTarg 83 // 84 85 #define SPNEGO_TOKEN_INIT 0 86 #define SPNEGO_TOKEN_TARG 1 87 88 // 89 // GSS Mechanism OID enumeration. We only really handle 90 // 3 different OIDs. These are stored in an array structure 91 // defined in the parsing code. 92 // 93 94 typedef enum spnego_mech_oid 95 { 96 // Init token elements 97 spnego_mech_oid_Kerberos_V5_Legacy, // Really V5, but OID off by 1 bit 98 spnego_mech_oid_Kerberos_V5, 99 spnego_mech_oid_Spnego, 100 spnego_mech_oid_NTLMSSP, 101 spnego_mech_oid_NotUsed = -1 102 103 } SPNEGO_MECH_OID; 104 105 // 106 // Defines the negResult values. 107 // 108 109 typedef enum spnego_negResult 110 { 111 spnego_negresult_success, 112 spnego_negresult_incomplete, 113 spnego_negresult_rejected, 114 spnego_negresult_NotUsed = -1 115 } SPNEGO_NEGRESULT; 116 117 // 118 // Context Flags in NegTokenInit 119 // 120 121 // 122 // ContextFlags values MUST be zero or a combination 123 // of the below 124 // 125 126 #define SPNEGO_NEGINIT_CONTEXT_DELEG_FLAG 0x80 127 #define SPNEGO_NEGINIT_CONTEXT_MUTUAL_FLAG 0x40 128 #define SPNEGO_NEGINIT_CONTEXT_REPLAY_FLAG 0x20 129 #define SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG 0x10 130 #define SPNEGO_NEGINIT_CONTEXT_ANON_FLAG 0x8 131 #define SPNEGO_NEGINIT_CONTEXT_CONF_FLAG 0x4 132 #define SPNEGO_NEGINIT_CONTEXT_INTEG_FLAG 0x2 133 134 // 135 // Mask to retrieve valid values. 136 // 137 138 #define SPNEGO_NEGINIT_CONTEXT_MASK 0xFE // Logical combination of above flags 139 140 // 141 // SPNEGO API return codes. 142 // 143 144 // API function was successful 145 #define SPNEGO_E_SUCCESS 0 146 147 // The supplied Token was invalid 148 #define SPNEGO_E_INVALID_TOKEN -1 149 150 // An invalid length was encountered 151 #define SPNEGO_E_INVALID_LENGTH -2 152 153 // The Token Parse failed 154 #define SPNEGO_E_PARSE_FAILED -3 155 156 // The requested value was not found 157 #define SPNEGO_E_NOT_FOUND -4 158 159 // The requested element is not available 160 #define SPNEGO_E_ELEMENT_UNAVAILABLE -5 161 162 // Out of Memory 163 #define SPNEGO_E_OUT_OF_MEMORY -6 164 165 // Not Implemented 166 #define SPNEGO_E_NOT_IMPLEMENTED -7 167 168 // Invalid Parameter 169 #define SPNEGO_E_INVALID_PARAMETER -8 170 171 // Token Handler encountered an unexpected OID 172 #define SPNEGO_E_UNEXPECTED_OID -9 173 174 // The requested token was not found 175 #define SPNEGO_E_TOKEN_NOT_FOUND -10 176 177 // An unexpected type was encountered in the encoding 178 #define SPNEGO_E_UNEXPECTED_TYPE -11 179 180 // The buffer was too small 181 #define SPNEGO_E_BUFFER_TOO_SMALL -12 182 183 // A Token Element was invalid (e.g. improper length or value) 184 #define SPNEGO_E_INVALID_ELEMENT -13 185 186 /* Miscelaneous API Functions */ 187 188 // Frees opaque data 189 void spnegoFreeData( SPNEGO_TOKEN_HANDLE hSpnegoToken ); 190 191 // Initializes SPNEGO_TOKEN structure from DER encoded binary data 192 int spnegoInitFromBinary( unsigned char* pbTokenData, unsigned long ulLength, SPNEGO_TOKEN_HANDLE* phSpnegoToken ); 193 194 // Initializes SPNEGO_TOKEN structure for a NegTokenInit type using the 195 // supplied parameters 196 int spnegoCreateNegTokenInit( SPNEGO_MECH_OID MechType, 197 unsigned char ucContextFlags, unsigned char* pbMechToken, 198 unsigned long ulMechTokenLen, unsigned char* pbMechTokenMIC, 199 unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE* phSpnegoToken ); 200 201 // Initializes SPNEGO_TOKEN structure for a NegTokenTarg type using the 202 // supplied parameters 203 int spnegoCreateNegTokenTarg( SPNEGO_MECH_OID MechType, 204 SPNEGO_NEGRESULT spnegoNegResult, unsigned char* pbMechToken, 205 unsigned long ulMechTokenLen, unsigned char* pbMechListMIC, 206 unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE* phSpnegoToken ); 207 208 // Copies binary representation of SPNEGO Data into user supplied buffer 209 int spnegoTokenGetBinary( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData, 210 unsigned long * pulDataLen ); 211 212 // Returns SPNEGO Token Type 213 int spnegoGetTokenType( SPNEGO_TOKEN_HANDLE hSpnegoToken, int * piTokenType ); 214 215 /* Reading an Init Token */ 216 217 // Returns the Initial Mech Type in the MechList element in the NegInitToken. 218 int spnegoIsMechTypeAvailable( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID MechOID, int * piMechTypeIndex ); 219 220 // Returns the value from the context flags element in the NegInitToken as an unsigned long 221 int spnegoGetContextFlags( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pucContextFlags ); 222 223 /* Reading a Response Token */ 224 225 // Returns the value from the negResult element (Status code of GSS call - 0,1,2) 226 int spnegoGetNegotiationResult( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_NEGRESULT* pnegResult ); 227 228 // Returns the Supported Mech Type from the NegTokenTarg. 229 int spnegoGetSupportedMechType( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID* pMechOID ); 230 231 /* Reading either Token Type */ 232 233 // Returns the actual Mechanism data from the token (this is what is passed into GSS-API functions 234 int spnegoGetMechToken( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData, unsigned long* pulDataLen ); 235 236 // Returns the Message Integrity BLOB in the token 237 int spnegoGetMechListMIC( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbMICData, unsigned long* pulDataLen ); 238 239 // C++ Specific 240 #if defined(__cplusplus) 241 } 242 #endif 243 244 #endif 245