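// Copyright (C) 2002 Microsoft Corporation
// All rights reserved.
//
// THIS CODE AND INFORMATION IS PROVIDED "AS IS"
// WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
// OR IMPLIED, INCLUDING BUT NOT LIMITED
// TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY
// AND/OR FITNESS FOR A PARTICULAR PURPOSE.
//
// Date - 10/08/2002
// Author - Sanj Surati

/////////////////////////////////////////////////////////////
//
// SPNEGO.H
//
// SPNEGO Token Handler Header File
//
// Contains the definitions required to interpret and create
// SPNEGO tokens so that Kerberos GSS tokens can be
// Unpackaged/packaged.
//
// Notes for callers of this API (reviewer additions):
//
//  - The buffer handed to spnegoInitFromBinary() is the raw
//    token received from the peer and must be treated as
//    untrusted. ulLength is the only bound the parser has on
//    that buffer, so it must never exceed the number of bytes
//    actually readable at pbTokenData.
//
//  - This interface only transports the mechListMIC as an
//    opaque blob (spnegoGetMechListMIC / the *MIC parameters
//    of the Create functions). Nothing declared here computes
//    or verifies a MIC; the GSS-API layer that uses this code
//    has to do that itself. In SPNEGO (RFC 4178) the MIC is
//    what protects the mechanism list against downgrade, so
//    skipping that check is a security-relevant decision.
//
//  - Every handle returned through a SPNEGO_TOKEN_HANDLE*
//    parameter is owned by the caller and must be released
//    with spnegoFreeData().
//
/////////////////////////////////////////////////////////////

#pragma ident "%Z%%M% %I% %E% SMI"

#ifndef __SPNEGO_H__
#define __SPNEGO_H__

// C++ Specific
#if defined(__cplusplus)
extern "C"
{
#endif

// Type Definitions

//
// Opaque handle to a parsed or constructed SPNEGO token.
// Users of the SPNEGO Token Handler API obtain one from
// spnegoInitFromBinary() / spnegoCreateNegToken*() and must
// release it with spnegoFreeData(). The layout behind the
// pointer is private to the implementation.
//
typedef void* SPNEGO_TOKEN_HANDLE;

//
// Defines the element types that are found
// in each of the tokens.
//
// The values are contiguous and bracketed by
// spnego_element_min / spnego_element_max, presumably so the
// implementation can range-check an element index before
// using it (the enum is 0..9 as written here).
//

typedef enum spnego_element_type
{
   spnego_element_min,          // Lower bound

   // Init token elements
   spnego_init_mechtypes,
   spnego_init_reqFlags,
   spnego_init_mechToken,
   spnego_init_mechListMIC,

   // Targ token elements
   spnego_targ_negResult,
   spnego_targ_supportedMech,
   spnego_targ_responseToken,
   spnego_targ_mechListMIC,

   spnego_element_max           // Upper bound

} SPNEGO_ELEMENT_TYPE;

//
// Token Element Availability. Elements in both
// token types are optional. Since there are only
// 4 elements in each Token, we will allocate space
// to hold the information, but we need a way to
// indicate whether or not an element is available.
//

#define SPNEGO_TOKEN_ELEMENT_UNAVAILABLE 0
#define SPNEGO_TOKEN_ELEMENT_AVAILABLE 1

//
// Token type values. SPNEGO has 2 token types:
// NegTokenInit and NegTokenTarg. These are what
// spnegoGetTokenType() reports through piTokenType.
//

#define SPNEGO_TOKEN_INIT 0
#define SPNEGO_TOKEN_TARG 1

//
// GSS Mechanism OID enumeration. We only really handle
// 3 different OIDs. These are stored in an array structure
// defined in the parsing code.
//
// NOTE(review): because these values are used to select an
// entry in that OID table, only the enumerators declared here
// are valid inputs to the API. spnego_mech_oid_NotUsed (-1) is
// a "no mechanism" sentinel, not a table index. Do not pass an
// integer taken from untrusted data as a SPNEGO_MECH_OID.
//

typedef enum spnego_mech_oid
{
   spnego_mech_oid_Kerberos_V5_Legacy,  // Really V5, but OID off by 1 bit
   spnego_mech_oid_Kerberos_V5,
   spnego_mech_oid_Spnego,
   spnego_mech_oid_NTLMSSP,
   spnego_mech_oid_NotUsed = -1

} SPNEGO_MECH_OID;

//
// Defines the negResult values carried in a NegTokenTarg
// (0 = success, 1 = incomplete, 2 = rejected, as returned
// by spnegoGetNegotiationResult). spnego_negresult_NotUsed
// (-1) means "no negResult element present/selected".
//

typedef enum spnego_negResult
{
   spnego_negresult_success,
   spnego_negresult_incomplete,
   spnego_negresult_rejected,
   spnego_negresult_NotUsed = -1
} SPNEGO_NEGRESULT;

//
// Context Flags in NegTokenInit
//

//
// ContextFlags values MUST be zero or a combination
// of the below. Each define is a single bit of the one
// flags byte exchanged through spnegoGetContextFlags() and
// the ucContextFlags parameter of spnegoCreateNegTokenInit();
// the bit order (deleg = 0x80 ... integ = 0x02) appears to
// follow the DER layout of the reqFlags BIT STRING with
// bit 0 as the most significant bit -- confirm against the
// parser before relying on that mapping.
//

#define SPNEGO_NEGINIT_CONTEXT_DELEG_FLAG 0x80
#define SPNEGO_NEGINIT_CONTEXT_MUTUAL_FLAG 0x40
#define SPNEGO_NEGINIT_CONTEXT_REPLAY_FLAG 0x20
#define SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG 0x10
#define SPNEGO_NEGINIT_CONTEXT_ANON_FLAG 0x8
#define SPNEGO_NEGINIT_CONTEXT_CONF_FLAG 0x4
#define SPNEGO_NEGINIT_CONTEXT_INTEG_FLAG 0x2

//
// Mask to retrieve valid values: the bitwise OR of the seven
// flags above (0x01 is not a defined flag). A received flags
// byte with bits set outside this mask does not satisfy the
// "zero or a combination of the above" rule.
//

#define SPNEGO_NEGINIT_CONTEXT_MASK 0xFE   // Logical combination of above flags

//
// SPNEGO API return codes. Every function below returns
// SPNEGO_E_SUCCESS (0) on success and one of the negative
// codes on failure, so either `rc != SPNEGO_E_SUCCESS` or
// `rc < 0` detects an error.
//

// API function was successful
#define SPNEGO_E_SUCCESS 0

// The supplied Token was invalid
#define SPNEGO_E_INVALID_TOKEN -1

// An invalid length was encountered
#define SPNEGO_E_INVALID_LENGTH -2

// The Token Parse failed
#define SPNEGO_E_PARSE_FAILED -3

// The requested value was not found
#define SPNEGO_E_NOT_FOUND -4

// The requested element is not available
#define SPNEGO_E_ELEMENT_UNAVAILABLE -5

// Out of Memory
#define SPNEGO_E_OUT_OF_MEMORY -6

// Not Implemented
#define SPNEGO_E_NOT_IMPLEMENTED -7

// Invalid Parameter
#define SPNEGO_E_INVALID_PARAMETER -8

// Token Handler encountered an unexpected OID
#define SPNEGO_E_UNEXPECTED_OID -9

// The requested token was not found
#define SPNEGO_E_TOKEN_NOT_FOUND -10

// An unexpected type was encountered in the encoding
#define SPNEGO_E_UNEXPECTED_TYPE -11

// The buffer was too small
#define SPNEGO_E_BUFFER_TOO_SMALL -12

// A Token Element was invalid (e.g. improper length or value)
#define SPNEGO_E_INVALID_ELEMENT -13

/* Miscellaneous API Functions */

// Frees opaque data. Releases a handle obtained from
// spnegoInitFromBinary() or spnegoCreateNegToken*(); the
// handle must not be used afterwards.
void spnegoFreeData( SPNEGO_TOKEN_HANDLE hSpnegoToken );

// Initializes SPNEGO_TOKEN structure from DER encoded binary data.
//
// pbTokenData / ulLength describe the received token; the data is
// untrusted and ulLength must be exactly the readable size of the
// buffer. On success *phSpnegoToken receives a handle the caller
// owns (free with spnegoFreeData). Malformed input is reported via
// the SPNEGO_E_* codes above (e.g. SPNEGO_E_INVALID_TOKEN,
// SPNEGO_E_INVALID_LENGTH, SPNEGO_E_PARSE_FAILED).
int spnegoInitFromBinary( unsigned char* pbTokenData, unsigned long ulLength, SPNEGO_TOKEN_HANDLE* phSpnegoToken );

// Initializes SPNEGO_TOKEN structure for a NegTokenInit type using the
// supplied parameters.
//
// MechType selects the single mechanism listed in mechTypes,
// ucContextFlags is the reqFlags byte (use the
// SPNEGO_NEGINIT_CONTEXT_* values), pbMechToken/ulMechTokenLen is
// the inner GSS token and pbMechTokenMIC/ulMechTokenMIC the
// optional mechListMIC (ulMechTokenMIC is that MIC's length in
// bytes; the name is kept for compatibility with the existing
// implementation). On success *phSpnegoToken is caller-owned.
int spnegoCreateNegTokenInit( SPNEGO_MECH_OID MechType,
          unsigned char ucContextFlags, unsigned char* pbMechToken,
          unsigned long ulMechTokenLen, unsigned char* pbMechTokenMIC,
          unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE* phSpnegoToken );

// Initializes SPNEGO_TOKEN structure for a NegTokenTarg type using the
// supplied parameters.
//
// MechType is the supportedMech to advertise, spnegoNegResult the
// negResult value, pbMechToken/ulMechTokenLen the responseToken and
// pbMechListMIC/ulMechListMICLen the optional mechListMIC. On
// success *phSpnegoToken is caller-owned.
int spnegoCreateNegTokenTarg( SPNEGO_MECH_OID MechType,
          SPNEGO_NEGRESULT spnegoNegResult, unsigned char* pbMechToken,
          unsigned long ulMechTokenLen, unsigned char* pbMechListMIC,
          unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE* phSpnegoToken );

// Copies binary representation of SPNEGO Data into user supplied buffer.
//
// pulDataLen is in/out: presumably the caller passes the capacity of
// pbTokenData and receives the number of bytes the token needs, with
// SPNEGO_E_BUFFER_TOO_SMALL returned when the capacity is
// insufficient -- confirm against the implementation before relying
// on this for bounds safety.
int spnegoTokenGetBinary( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData,
                          unsigned long * pulDataLen );

// Returns SPNEGO Token Type (SPNEGO_TOKEN_INIT or SPNEGO_TOKEN_TARG)
// through *piTokenType.
int spnegoGetTokenType( SPNEGO_TOKEN_HANDLE hSpnegoToken, int * piTokenType );

/* Reading an Init Token */

// Checks whether MechOID appears in the mechTypes list of the
// NegTokenInit and, if so, reports its position in that list through
// *piMechTypeIndex (presumably SPNEGO_E_NOT_FOUND otherwise). The
// index matters for security: per RFC 4178, when the acceptor picks
// a mechanism other than the initiator's first choice the mechListMIC
// exchange becomes mandatory, so callers should not ignore it.
int spnegoIsMechTypeAvailable( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID MechOID, int * piMechTypeIndex );

// Returns the value from the context flags element in the NegTokenInit
// as one unsigned char through *pucContextFlags (a combination of the
// SPNEGO_NEGINIT_CONTEXT_* bits). The element is optional, so expect
// SPNEGO_E_ELEMENT_UNAVAILABLE when it is absent.
int spnegoGetContextFlags( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pucContextFlags );

/* Reading a Response Token */

// Returns the value from the negResult element (Status code of GSS call - 0,1,2)
int spnegoGetNegotiationResult( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_NEGRESULT* pnegResult );

// Returns the Supported Mech Type from the NegTokenTarg.
int spnegoGetSupportedMechType( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID* pMechOID );

/* Reading either Token Type */

// Returns the actual Mechanism data from the token (this is what is
// passed into GSS-API functions). pulDataLen follows the same in/out
// buffer-capacity convention as spnegoTokenGetBinary().
int spnegoGetMechToken( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData, unsigned long* pulDataLen );

// Returns the Message Integrity BLOB in the token. This only copies
// the bytes out; verifying the MIC is the caller's job (see the
// header comment). pulDataLen follows the same in/out convention as
// spnegoTokenGetBinary().
int spnegoGetMechListMIC( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbMICData, unsigned long* pulDataLen );

// C++ Specific
#if defined(__cplusplus)
}
#endif

#endif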