mirror of
https://github.com/moparisthebest/curl
synced 2024-11-14 05:25:06 -05:00
ac0a88fd25
Follow-up from 4d2f800677
351 lines
12 KiB
C
351 lines
12 KiB
C
#ifndef HEADER_CURL_SSPI_H
|
|
#define HEADER_CURL_SSPI_H
|
|
/***************************************************************************
|
|
* _ _ ____ _
|
|
* Project ___| | | | _ \| |
|
|
* / __| | | | |_) | |
|
|
* | (__| |_| | _ <| |___
|
|
* \___|\___/|_| \_\_____|
|
|
*
|
|
* Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
*
|
|
* This software is licensed as described in the file COPYING, which
|
|
* you should have received as part of this distribution. The terms
|
|
* are also available at https://curl.se/docs/copyright.html.
|
|
*
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
*
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
* KIND, either express or implied.
|
|
*
|
|
***************************************************************************/
|
|
|
|
#include "curl_setup.h"
|
|
|
|
#ifdef USE_WINDOWS_SSPI
|
|
|
|
#include <curl/curl.h>
|
|
|
|
/*
|
|
* When including the following three headers, it is mandatory to define either
|
|
* SECURITY_WIN32 or SECURITY_KERNEL, indicating who is compiling the code.
|
|
*/
|
|
|
|
#undef SECURITY_WIN32
|
|
#undef SECURITY_KERNEL
|
|
#define SECURITY_WIN32 1
|
|
#include <security.h>
|
|
#include <sspi.h>
|
|
#include <rpc.h>
|
|
|
|
CURLcode Curl_sspi_global_init(void);
|
|
void Curl_sspi_global_cleanup(void);
|
|
|
|
/* This is used to populate the domain in a SSPI identity structure */
|
|
CURLcode Curl_override_sspi_http_realm(const char *chlg,
|
|
SEC_WINNT_AUTH_IDENTITY *identity);
|
|
|
|
/* This is used to generate an SSPI identity structure */
|
|
CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
|
|
SEC_WINNT_AUTH_IDENTITY *identity);
|
|
|
|
/* This is used to free an SSPI identity structure */
|
|
void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity);
|
|
|
|
/* Forward-declaration of global variables defined in curl_sspi.c */
|
|
extern HMODULE s_hSecDll;
|
|
extern PSecurityFunctionTable s_pSecFn;
|
|
|
|
/* Provide some definitions missing in old headers */
|
|
#define SP_NAME_DIGEST "WDigest"
|
|
#define SP_NAME_NTLM "NTLM"
|
|
#define SP_NAME_NEGOTIATE "Negotiate"
|
|
#define SP_NAME_KERBEROS "Kerberos"
|
|
|
|
#ifndef ISC_REQ_USE_HTTP_STYLE
|
|
#define ISC_REQ_USE_HTTP_STYLE 0x01000000
|
|
#endif
|
|
|
|
#ifndef ISC_RET_REPLAY_DETECT
|
|
#define ISC_RET_REPLAY_DETECT 0x00000004
|
|
#endif
|
|
|
|
#ifndef ISC_RET_SEQUENCE_DETECT
|
|
#define ISC_RET_SEQUENCE_DETECT 0x00000008
|
|
#endif
|
|
|
|
#ifndef ISC_RET_CONFIDENTIALITY
|
|
#define ISC_RET_CONFIDENTIALITY 0x00000010
|
|
#endif
|
|
|
|
#ifndef ISC_RET_ALLOCATED_MEMORY
|
|
#define ISC_RET_ALLOCATED_MEMORY 0x00000100
|
|
#endif
|
|
|
|
#ifndef ISC_RET_STREAM
|
|
#define ISC_RET_STREAM 0x00008000
|
|
#endif
|
|
|
|
#ifndef SEC_E_INSUFFICIENT_MEMORY
|
|
# define SEC_E_INSUFFICIENT_MEMORY ((HRESULT)0x80090300L)
|
|
#endif
|
|
#ifndef SEC_E_INVALID_HANDLE
|
|
# define SEC_E_INVALID_HANDLE ((HRESULT)0x80090301L)
|
|
#endif
|
|
#ifndef SEC_E_UNSUPPORTED_FUNCTION
|
|
# define SEC_E_UNSUPPORTED_FUNCTION ((HRESULT)0x80090302L)
|
|
#endif
|
|
#ifndef SEC_E_TARGET_UNKNOWN
|
|
# define SEC_E_TARGET_UNKNOWN ((HRESULT)0x80090303L)
|
|
#endif
|
|
#ifndef SEC_E_INTERNAL_ERROR
|
|
# define SEC_E_INTERNAL_ERROR ((HRESULT)0x80090304L)
|
|
#endif
|
|
#ifndef SEC_E_SECPKG_NOT_FOUND
|
|
# define SEC_E_SECPKG_NOT_FOUND ((HRESULT)0x80090305L)
|
|
#endif
|
|
#ifndef SEC_E_NOT_OWNER
|
|
# define SEC_E_NOT_OWNER ((HRESULT)0x80090306L)
|
|
#endif
|
|
#ifndef SEC_E_CANNOT_INSTALL
|
|
# define SEC_E_CANNOT_INSTALL ((HRESULT)0x80090307L)
|
|
#endif
|
|
#ifndef SEC_E_INVALID_TOKEN
|
|
# define SEC_E_INVALID_TOKEN ((HRESULT)0x80090308L)
|
|
#endif
|
|
#ifndef SEC_E_CANNOT_PACK
|
|
# define SEC_E_CANNOT_PACK ((HRESULT)0x80090309L)
|
|
#endif
|
|
#ifndef SEC_E_QOP_NOT_SUPPORTED
|
|
# define SEC_E_QOP_NOT_SUPPORTED ((HRESULT)0x8009030AL)
|
|
#endif
|
|
#ifndef SEC_E_NO_IMPERSONATION
|
|
# define SEC_E_NO_IMPERSONATION ((HRESULT)0x8009030BL)
|
|
#endif
|
|
#ifndef SEC_E_LOGON_DENIED
|
|
# define SEC_E_LOGON_DENIED ((HRESULT)0x8009030CL)
|
|
#endif
|
|
#ifndef SEC_E_UNKNOWN_CREDENTIALS
|
|
# define SEC_E_UNKNOWN_CREDENTIALS ((HRESULT)0x8009030DL)
|
|
#endif
|
|
#ifndef SEC_E_NO_CREDENTIALS
|
|
# define SEC_E_NO_CREDENTIALS ((HRESULT)0x8009030EL)
|
|
#endif
|
|
#ifndef SEC_E_MESSAGE_ALTERED
|
|
# define SEC_E_MESSAGE_ALTERED ((HRESULT)0x8009030FL)
|
|
#endif
|
|
#ifndef SEC_E_OUT_OF_SEQUENCE
|
|
# define SEC_E_OUT_OF_SEQUENCE ((HRESULT)0x80090310L)
|
|
#endif
|
|
#ifndef SEC_E_NO_AUTHENTICATING_AUTHORITY
|
|
# define SEC_E_NO_AUTHENTICATING_AUTHORITY ((HRESULT)0x80090311L)
|
|
#endif
|
|
#ifndef SEC_E_BAD_PKGID
|
|
# define SEC_E_BAD_PKGID ((HRESULT)0x80090316L)
|
|
#endif
|
|
#ifndef SEC_E_CONTEXT_EXPIRED
|
|
# define SEC_E_CONTEXT_EXPIRED ((HRESULT)0x80090317L)
|
|
#endif
|
|
#ifndef SEC_E_INCOMPLETE_MESSAGE
|
|
# define SEC_E_INCOMPLETE_MESSAGE ((HRESULT)0x80090318L)
|
|
#endif
|
|
#ifndef SEC_E_INCOMPLETE_CREDENTIALS
|
|
# define SEC_E_INCOMPLETE_CREDENTIALS ((HRESULT)0x80090320L)
|
|
#endif
|
|
#ifndef SEC_E_BUFFER_TOO_SMALL
|
|
# define SEC_E_BUFFER_TOO_SMALL ((HRESULT)0x80090321L)
|
|
#endif
|
|
#ifndef SEC_E_WRONG_PRINCIPAL
|
|
# define SEC_E_WRONG_PRINCIPAL ((HRESULT)0x80090322L)
|
|
#endif
|
|
#ifndef SEC_E_TIME_SKEW
|
|
# define SEC_E_TIME_SKEW ((HRESULT)0x80090324L)
|
|
#endif
|
|
#ifndef SEC_E_UNTRUSTED_ROOT
|
|
# define SEC_E_UNTRUSTED_ROOT ((HRESULT)0x80090325L)
|
|
#endif
|
|
#ifndef SEC_E_ILLEGAL_MESSAGE
|
|
# define SEC_E_ILLEGAL_MESSAGE ((HRESULT)0x80090326L)
|
|
#endif
|
|
#ifndef SEC_E_CERT_UNKNOWN
|
|
# define SEC_E_CERT_UNKNOWN ((HRESULT)0x80090327L)
|
|
#endif
|
|
#ifndef SEC_E_CERT_EXPIRED
|
|
# define SEC_E_CERT_EXPIRED ((HRESULT)0x80090328L)
|
|
#endif
|
|
#ifndef SEC_E_ENCRYPT_FAILURE
|
|
# define SEC_E_ENCRYPT_FAILURE ((HRESULT)0x80090329L)
|
|
#endif
|
|
#ifndef SEC_E_DECRYPT_FAILURE
|
|
# define SEC_E_DECRYPT_FAILURE ((HRESULT)0x80090330L)
|
|
#endif
|
|
#ifndef SEC_E_ALGORITHM_MISMATCH
|
|
# define SEC_E_ALGORITHM_MISMATCH ((HRESULT)0x80090331L)
|
|
#endif
|
|
#ifndef SEC_E_SECURITY_QOS_FAILED
|
|
# define SEC_E_SECURITY_QOS_FAILED ((HRESULT)0x80090332L)
|
|
#endif
|
|
#ifndef SEC_E_UNFINISHED_CONTEXT_DELETED
|
|
# define SEC_E_UNFINISHED_CONTEXT_DELETED ((HRESULT)0x80090333L)
|
|
#endif
|
|
#ifndef SEC_E_NO_TGT_REPLY
|
|
# define SEC_E_NO_TGT_REPLY ((HRESULT)0x80090334L)
|
|
#endif
|
|
#ifndef SEC_E_NO_IP_ADDRESSES
|
|
# define SEC_E_NO_IP_ADDRESSES ((HRESULT)0x80090335L)
|
|
#endif
|
|
#ifndef SEC_E_WRONG_CREDENTIAL_HANDLE
|
|
# define SEC_E_WRONG_CREDENTIAL_HANDLE ((HRESULT)0x80090336L)
|
|
#endif
|
|
#ifndef SEC_E_CRYPTO_SYSTEM_INVALID
|
|
# define SEC_E_CRYPTO_SYSTEM_INVALID ((HRESULT)0x80090337L)
|
|
#endif
|
|
#ifndef SEC_E_MAX_REFERRALS_EXCEEDED
|
|
# define SEC_E_MAX_REFERRALS_EXCEEDED ((HRESULT)0x80090338L)
|
|
#endif
|
|
#ifndef SEC_E_MUST_BE_KDC
|
|
# define SEC_E_MUST_BE_KDC ((HRESULT)0x80090339L)
|
|
#endif
|
|
#ifndef SEC_E_STRONG_CRYPTO_NOT_SUPPORTED
|
|
# define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED ((HRESULT)0x8009033AL)
|
|
#endif
|
|
#ifndef SEC_E_TOO_MANY_PRINCIPALS
|
|
# define SEC_E_TOO_MANY_PRINCIPALS ((HRESULT)0x8009033BL)
|
|
#endif
|
|
#ifndef SEC_E_NO_PA_DATA
|
|
# define SEC_E_NO_PA_DATA ((HRESULT)0x8009033CL)
|
|
#endif
|
|
#ifndef SEC_E_PKINIT_NAME_MISMATCH
|
|
# define SEC_E_PKINIT_NAME_MISMATCH ((HRESULT)0x8009033DL)
|
|
#endif
|
|
#ifndef SEC_E_SMARTCARD_LOGON_REQUIRED
|
|
# define SEC_E_SMARTCARD_LOGON_REQUIRED ((HRESULT)0x8009033EL)
|
|
#endif
|
|
#ifndef SEC_E_SHUTDOWN_IN_PROGRESS
|
|
# define SEC_E_SHUTDOWN_IN_PROGRESS ((HRESULT)0x8009033FL)
|
|
#endif
|
|
#ifndef SEC_E_KDC_INVALID_REQUEST
|
|
# define SEC_E_KDC_INVALID_REQUEST ((HRESULT)0x80090340L)
|
|
#endif
|
|
#ifndef SEC_E_KDC_UNABLE_TO_REFER
|
|
# define SEC_E_KDC_UNABLE_TO_REFER ((HRESULT)0x80090341L)
|
|
#endif
|
|
#ifndef SEC_E_KDC_UNKNOWN_ETYPE
|
|
# define SEC_E_KDC_UNKNOWN_ETYPE ((HRESULT)0x80090342L)
|
|
#endif
|
|
#ifndef SEC_E_UNSUPPORTED_PREAUTH
|
|
# define SEC_E_UNSUPPORTED_PREAUTH ((HRESULT)0x80090343L)
|
|
#endif
|
|
#ifndef SEC_E_DELEGATION_REQUIRED
|
|
# define SEC_E_DELEGATION_REQUIRED ((HRESULT)0x80090345L)
|
|
#endif
|
|
#ifndef SEC_E_BAD_BINDINGS
|
|
# define SEC_E_BAD_BINDINGS ((HRESULT)0x80090346L)
|
|
#endif
|
|
#ifndef SEC_E_MULTIPLE_ACCOUNTS
|
|
# define SEC_E_MULTIPLE_ACCOUNTS ((HRESULT)0x80090347L)
|
|
#endif
|
|
#ifndef SEC_E_NO_KERB_KEY
|
|
# define SEC_E_NO_KERB_KEY ((HRESULT)0x80090348L)
|
|
#endif
|
|
#ifndef SEC_E_CERT_WRONG_USAGE
|
|
# define SEC_E_CERT_WRONG_USAGE ((HRESULT)0x80090349L)
|
|
#endif
|
|
#ifndef SEC_E_DOWNGRADE_DETECTED
|
|
# define SEC_E_DOWNGRADE_DETECTED ((HRESULT)0x80090350L)
|
|
#endif
|
|
#ifndef SEC_E_SMARTCARD_CERT_REVOKED
|
|
# define SEC_E_SMARTCARD_CERT_REVOKED ((HRESULT)0x80090351L)
|
|
#endif
|
|
#ifndef SEC_E_ISSUING_CA_UNTRUSTED
|
|
# define SEC_E_ISSUING_CA_UNTRUSTED ((HRESULT)0x80090352L)
|
|
#endif
|
|
#ifndef SEC_E_REVOCATION_OFFLINE_C
|
|
# define SEC_E_REVOCATION_OFFLINE_C ((HRESULT)0x80090353L)
|
|
#endif
|
|
#ifndef SEC_E_PKINIT_CLIENT_FAILURE
|
|
# define SEC_E_PKINIT_CLIENT_FAILURE ((HRESULT)0x80090354L)
|
|
#endif
|
|
#ifndef SEC_E_SMARTCARD_CERT_EXPIRED
|
|
# define SEC_E_SMARTCARD_CERT_EXPIRED ((HRESULT)0x80090355L)
|
|
#endif
|
|
#ifndef SEC_E_NO_S4U_PROT_SUPPORT
|
|
# define SEC_E_NO_S4U_PROT_SUPPORT ((HRESULT)0x80090356L)
|
|
#endif
|
|
#ifndef SEC_E_CROSSREALM_DELEGATION_FAILURE
|
|
# define SEC_E_CROSSREALM_DELEGATION_FAILURE ((HRESULT)0x80090357L)
|
|
#endif
|
|
#ifndef SEC_E_REVOCATION_OFFLINE_KDC
|
|
# define SEC_E_REVOCATION_OFFLINE_KDC ((HRESULT)0x80090358L)
|
|
#endif
|
|
#ifndef SEC_E_ISSUING_CA_UNTRUSTED_KDC
|
|
# define SEC_E_ISSUING_CA_UNTRUSTED_KDC ((HRESULT)0x80090359L)
|
|
#endif
|
|
#ifndef SEC_E_KDC_CERT_EXPIRED
|
|
# define SEC_E_KDC_CERT_EXPIRED ((HRESULT)0x8009035AL)
|
|
#endif
|
|
#ifndef SEC_E_KDC_CERT_REVOKED
|
|
# define SEC_E_KDC_CERT_REVOKED ((HRESULT)0x8009035BL)
|
|
#endif
|
|
#ifndef SEC_E_INVALID_PARAMETER
|
|
# define SEC_E_INVALID_PARAMETER ((HRESULT)0x8009035DL)
|
|
#endif
|
|
#ifndef SEC_E_DELEGATION_POLICY
|
|
# define SEC_E_DELEGATION_POLICY ((HRESULT)0x8009035EL)
|
|
#endif
|
|
#ifndef SEC_E_POLICY_NLTM_ONLY
|
|
# define SEC_E_POLICY_NLTM_ONLY ((HRESULT)0x8009035FL)
|
|
#endif
|
|
|
|
#ifndef SEC_I_CONTINUE_NEEDED
|
|
# define SEC_I_CONTINUE_NEEDED ((HRESULT)0x00090312L)
|
|
#endif
|
|
#ifndef SEC_I_COMPLETE_NEEDED
|
|
# define SEC_I_COMPLETE_NEEDED ((HRESULT)0x00090313L)
|
|
#endif
|
|
#ifndef SEC_I_COMPLETE_AND_CONTINUE
|
|
# define SEC_I_COMPLETE_AND_CONTINUE ((HRESULT)0x00090314L)
|
|
#endif
|
|
#ifndef SEC_I_LOCAL_LOGON
|
|
# define SEC_I_LOCAL_LOGON ((HRESULT)0x00090315L)
|
|
#endif
|
|
#ifndef SEC_I_CONTEXT_EXPIRED
|
|
# define SEC_I_CONTEXT_EXPIRED ((HRESULT)0x00090317L)
|
|
#endif
|
|
#ifndef SEC_I_INCOMPLETE_CREDENTIALS
|
|
# define SEC_I_INCOMPLETE_CREDENTIALS ((HRESULT)0x00090320L)
|
|
#endif
|
|
#ifndef SEC_I_RENEGOTIATE
|
|
# define SEC_I_RENEGOTIATE ((HRESULT)0x00090321L)
|
|
#endif
|
|
#ifndef SEC_I_NO_LSA_CONTEXT
|
|
# define SEC_I_NO_LSA_CONTEXT ((HRESULT)0x00090323L)
|
|
#endif
|
|
#ifndef SEC_I_SIGNATURE_NEEDED
|
|
# define SEC_I_SIGNATURE_NEEDED ((HRESULT)0x0009035CL)
|
|
#endif
|
|
|
|
#ifndef CRYPT_E_REVOKED
|
|
# define CRYPT_E_REVOKED ((HRESULT)0x80092010L)
|
|
#endif
|
|
|
|
#ifdef UNICODE
|
|
# define SECFLAG_WINNT_AUTH_IDENTITY \
|
|
(unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
|
|
#else
|
|
# define SECFLAG_WINNT_AUTH_IDENTITY \
|
|
(unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI
|
|
#endif
|
|
|
|
/*
|
|
* Definitions required from ntsecapi.h are directly provided below this point
|
|
* to avoid including ntsecapi.h due to a conflict with OpenSSL's safestack.h
|
|
*/
|
|
#define KERB_WRAP_NO_ENCRYPT 0x80000001
|
|
|
|
#endif /* USE_WINDOWS_SSPI */
|
|
|
|
#endif /* HEADER_CURL_SSPI_H */
|