#ifndef HEADER_CURL_SSPI_H
#define HEADER_CURL_SSPI_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/

/*
 * Declarations for the Windows SSPI support code: global init/cleanup,
 * helpers that build and release a SEC_WINNT_AUTH_IDENTITY, two globals
 * defined in curl_sspi.c, and fallback definitions for constants that
 * older SDK headers may lack. Everything after curl_setup.h is compiled
 * only when USE_WINDOWS_SSPI is defined.
 */

#include "curl_setup.h"

#ifdef USE_WINDOWS_SSPI

#include <curl/curl.h>

/*
 * When including the following three headers, it is mandatory to define either
 * SECURITY_WIN32 or SECURITY_KERNEL, indicating who is compiling the code.
 *
 * Both macros are undefined first, so whatever the build passed in, only
 * SECURITY_WIN32 is defined when the headers are read.
 */

#undef SECURITY_WIN32
#undef SECURITY_KERNEL
#define SECURITY_WIN32 1
#include <security.h>
#include <sspi.h>
#include <rpc.h>

/*
 * Global set-up and tear-down for the SSPI layer. The init routine reports
 * its outcome as a CURLcode; the cleanup routine returns nothing.
 * NOTE(review): presumably these initialise and release the two globals
 * declared further down - confirm in curl_sspi.c.
 */
CURLcode Curl_sspi_global_init(void);
void Curl_sspi_global_cleanup(void);

/* This is used to populate the domain in a SSPI identity structure */
/* NOTE(review): chlg is presumably server-supplied challenge text, i.e.
   untrusted input for the implementation to validate - confirm at the
   call sites. */
CURLcode Curl_override_sspi_http_realm(const char *chlg,
                                       SEC_WINNT_AUTH_IDENTITY *identity);

/* This is used to generate an SSPI identity structure */
/* The structure is built from a user name and a password, so callers should
   treat a populated identity as credential material.
   NOTE(review): whether the password is copied into the structure, and
   whether it is wiped before release, is decided in curl_sspi.c and cannot
   be verified from this header. */
CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
                                   SEC_WINNT_AUTH_IDENTITY *identity);

/* This is used to free an SSPI identity structure */
void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity);

/* Forward-declaration of global variables defined in curl_sspi.c */
/* NOTE(review): going by the types, a module handle and a pointer to the
   SSPI function table. How the module is loaded (including the search path
   used) lives in curl_sspi.c and is not reviewable from here. */
extern HMODULE s_hSecDll;
extern PSecurityFunctionTable s_pSecFn;

/* Provide some definitions missing in old headers */
/* The four SP_NAME_* strings are defined unconditionally, unlike the
   #ifndef-guarded fallbacks that follow. */
#define SP_NAME_DIGEST "WDigest"
#define SP_NAME_NTLM "NTLM"
#define SP_NAME_NEGOTIATE "Negotiate"
#define SP_NAME_KERBEROS "Kerberos"

/*
 * Context request/return flag fallbacks. Each is wrapped in #ifndef, so the
 * value written here is used only when the SDK headers did not define the
 * name themselves.
 */
#ifndef ISC_REQ_USE_HTTP_STYLE
#define ISC_REQ_USE_HTTP_STYLE 0x01000000
#endif

#ifndef ISC_RET_REPLAY_DETECT
#define ISC_RET_REPLAY_DETECT 0x00000004
#endif

#ifndef ISC_RET_SEQUENCE_DETECT
#define ISC_RET_SEQUENCE_DETECT 0x00000008
#endif

#ifndef ISC_RET_CONFIDENTIALITY
#define ISC_RET_CONFIDENTIALITY 0x00000010
#endif

#ifndef ISC_RET_ALLOCATED_MEMORY
#define ISC_RET_ALLOCATED_MEMORY 0x00000100
#endif

#ifndef ISC_RET_STREAM
#define ISC_RET_STREAM 0x00008000
#endif

/*
 * SEC_E_* status code fallbacks, all cast to HRESULT and all in the
 * 0x8009xxxx range (high bit set). They are guarded by #ifndef like the
 * flags above. Code that compares a returned status against one of these
 * names relies on the fallback value matching the SDK's, so the literals
 * must not be edited casually.
 */
#ifndef SEC_E_INSUFFICIENT_MEMORY
# define SEC_E_INSUFFICIENT_MEMORY ((HRESULT)0x80090300L)
#endif
#ifndef SEC_E_INVALID_HANDLE
# define SEC_E_INVALID_HANDLE ((HRESULT)0x80090301L)
#endif
#ifndef SEC_E_UNSUPPORTED_FUNCTION
# define SEC_E_UNSUPPORTED_FUNCTION ((HRESULT)0x80090302L)
#endif
#ifndef SEC_E_TARGET_UNKNOWN
# define SEC_E_TARGET_UNKNOWN ((HRESULT)0x80090303L)
#endif
#ifndef SEC_E_INTERNAL_ERROR
# define SEC_E_INTERNAL_ERROR ((HRESULT)0x80090304L)
#endif
#ifndef SEC_E_SECPKG_NOT_FOUND
# define SEC_E_SECPKG_NOT_FOUND ((HRESULT)0x80090305L)
#endif
#ifndef SEC_E_NOT_OWNER
# define SEC_E_NOT_OWNER ((HRESULT)0x80090306L)
#endif
#ifndef SEC_E_CANNOT_INSTALL
# define SEC_E_CANNOT_INSTALL ((HRESULT)0x80090307L)
#endif
#ifndef SEC_E_INVALID_TOKEN
# define SEC_E_INVALID_TOKEN ((HRESULT)0x80090308L)
#endif
#ifndef SEC_E_CANNOT_PACK
# define SEC_E_CANNOT_PACK ((HRESULT)0x80090309L)
#endif
#ifndef SEC_E_QOP_NOT_SUPPORTED
# define SEC_E_QOP_NOT_SUPPORTED ((HRESULT)0x8009030AL)
#endif
#ifndef SEC_E_NO_IMPERSONATION
# define SEC_E_NO_IMPERSONATION ((HRESULT)0x8009030BL)
#endif
#ifndef SEC_E_LOGON_DENIED
# define SEC_E_LOGON_DENIED ((HRESULT)0x8009030CL)
#endif
#ifndef SEC_E_UNKNOWN_CREDENTIALS
# define SEC_E_UNKNOWN_CREDENTIALS ((HRESULT)0x8009030DL)
#endif
#ifndef SEC_E_NO_CREDENTIALS
# define SEC_E_NO_CREDENTIALS ((HRESULT)0x8009030EL)
#endif
#ifndef SEC_E_MESSAGE_ALTERED
# define SEC_E_MESSAGE_ALTERED ((HRESULT)0x8009030FL)
#endif
#ifndef SEC_E_OUT_OF_SEQUENCE
# define SEC_E_OUT_OF_SEQUENCE ((HRESULT)0x80090310L)
#endif
#ifndef SEC_E_NO_AUTHENTICATING_AUTHORITY
# define SEC_E_NO_AUTHENTICATING_AUTHORITY ((HRESULT)0x80090311L)
#endif
#ifndef SEC_E_BAD_PKGID
# define SEC_E_BAD_PKGID ((HRESULT)0x80090316L)
#endif
#ifndef SEC_E_CONTEXT_EXPIRED
# define SEC_E_CONTEXT_EXPIRED ((HRESULT)0x80090317L)
#endif
#ifndef SEC_E_INCOMPLETE_MESSAGE
# define SEC_E_INCOMPLETE_MESSAGE ((HRESULT)0x80090318L)
#endif
#ifndef SEC_E_INCOMPLETE_CREDENTIALS
# define SEC_E_INCOMPLETE_CREDENTIALS ((HRESULT)0x80090320L)
#endif
#ifndef SEC_E_BUFFER_TOO_SMALL
# define SEC_E_BUFFER_TOO_SMALL ((HRESULT)0x80090321L)
#endif
#ifndef SEC_E_WRONG_PRINCIPAL
# define SEC_E_WRONG_PRINCIPAL ((HRESULT)0x80090322L)
#endif
#ifndef SEC_E_TIME_SKEW
# define SEC_E_TIME_SKEW ((HRESULT)0x80090324L)
#endif
#ifndef SEC_E_UNTRUSTED_ROOT
# define SEC_E_UNTRUSTED_ROOT ((HRESULT)0x80090325L)
#endif
#ifndef SEC_E_ILLEGAL_MESSAGE
# define SEC_E_ILLEGAL_MESSAGE ((HRESULT)0x80090326L)
#endif
#ifndef SEC_E_CERT_UNKNOWN
# define SEC_E_CERT_UNKNOWN ((HRESULT)0x80090327L)
#endif
#ifndef SEC_E_CERT_EXPIRED
# define SEC_E_CERT_EXPIRED ((HRESULT)0x80090328L)
#endif
#ifndef SEC_E_ENCRYPT_FAILURE
# define SEC_E_ENCRYPT_FAILURE ((HRESULT)0x80090329L)
#endif
#ifndef SEC_E_DECRYPT_FAILURE
# define SEC_E_DECRYPT_FAILURE ((HRESULT)0x80090330L)
#endif
#ifndef SEC_E_ALGORITHM_MISMATCH
# define SEC_E_ALGORITHM_MISMATCH ((HRESULT)0x80090331L)
#endif
#ifndef SEC_E_SECURITY_QOS_FAILED
# define SEC_E_SECURITY_QOS_FAILED ((HRESULT)0x80090332L)
#endif
#ifndef SEC_E_UNFINISHED_CONTEXT_DELETED
# define SEC_E_UNFINISHED_CONTEXT_DELETED ((HRESULT)0x80090333L)
#endif
#ifndef SEC_E_NO_TGT_REPLY
# define SEC_E_NO_TGT_REPLY ((HRESULT)0x80090334L)
#endif
#ifndef SEC_E_NO_IP_ADDRESSES
# define SEC_E_NO_IP_ADDRESSES ((HRESULT)0x80090335L)
#endif
#ifndef SEC_E_WRONG_CREDENTIAL_HANDLE
# define SEC_E_WRONG_CREDENTIAL_HANDLE ((HRESULT)0x80090336L)
#endif
#ifndef SEC_E_CRYPTO_SYSTEM_INVALID
# define SEC_E_CRYPTO_SYSTEM_INVALID ((HRESULT)0x80090337L)
#endif
#ifndef SEC_E_MAX_REFERRALS_EXCEEDED
# define SEC_E_MAX_REFERRALS_EXCEEDED ((HRESULT)0x80090338L)
#endif
#ifndef SEC_E_MUST_BE_KDC
# define SEC_E_MUST_BE_KDC ((HRESULT)0x80090339L)
#endif
#ifndef SEC_E_STRONG_CRYPTO_NOT_SUPPORTED
# define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED ((HRESULT)0x8009033AL)
#endif
#ifndef SEC_E_TOO_MANY_PRINCIPALS
# define SEC_E_TOO_MANY_PRINCIPALS ((HRESULT)0x8009033BL)
#endif
#ifndef SEC_E_NO_PA_DATA
# define SEC_E_NO_PA_DATA ((HRESULT)0x8009033CL)
#endif
#ifndef SEC_E_PKINIT_NAME_MISMATCH
# define SEC_E_PKINIT_NAME_MISMATCH ((HRESULT)0x8009033DL)
#endif
#ifndef SEC_E_SMARTCARD_LOGON_REQUIRED
# define SEC_E_SMARTCARD_LOGON_REQUIRED ((HRESULT)0x8009033EL)
#endif
#ifndef SEC_E_SHUTDOWN_IN_PROGRESS
# define SEC_E_SHUTDOWN_IN_PROGRESS ((HRESULT)0x8009033FL)
#endif
#ifndef SEC_E_KDC_INVALID_REQUEST
# define SEC_E_KDC_INVALID_REQUEST ((HRESULT)0x80090340L)
#endif
#ifndef SEC_E_KDC_UNABLE_TO_REFER
# define SEC_E_KDC_UNABLE_TO_REFER ((HRESULT)0x80090341L)
#endif
#ifndef SEC_E_KDC_UNKNOWN_ETYPE
# define SEC_E_KDC_UNKNOWN_ETYPE ((HRESULT)0x80090342L)
#endif
#ifndef SEC_E_UNSUPPORTED_PREAUTH
# define SEC_E_UNSUPPORTED_PREAUTH ((HRESULT)0x80090343L)
#endif
#ifndef SEC_E_DELEGATION_REQUIRED
# define SEC_E_DELEGATION_REQUIRED ((HRESULT)0x80090345L)
#endif
#ifndef SEC_E_BAD_BINDINGS
# define SEC_E_BAD_BINDINGS ((HRESULT)0x80090346L)
#endif
#ifndef SEC_E_MULTIPLE_ACCOUNTS
# define SEC_E_MULTIPLE_ACCOUNTS ((HRESULT)0x80090347L)
#endif
#ifndef SEC_E_NO_KERB_KEY
# define SEC_E_NO_KERB_KEY ((HRESULT)0x80090348L)
#endif
#ifndef SEC_E_CERT_WRONG_USAGE
# define SEC_E_CERT_WRONG_USAGE ((HRESULT)0x80090349L)
#endif
#ifndef SEC_E_DOWNGRADE_DETECTED
# define SEC_E_DOWNGRADE_DETECTED ((HRESULT)0x80090350L)
#endif
#ifndef SEC_E_SMARTCARD_CERT_REVOKED
# define SEC_E_SMARTCARD_CERT_REVOKED ((HRESULT)0x80090351L)
#endif
#ifndef SEC_E_ISSUING_CA_UNTRUSTED
# define SEC_E_ISSUING_CA_UNTRUSTED ((HRESULT)0x80090352L)
#endif
#ifndef SEC_E_REVOCATION_OFFLINE_C
# define SEC_E_REVOCATION_OFFLINE_C ((HRESULT)0x80090353L)
#endif
#ifndef SEC_E_PKINIT_CLIENT_FAILURE
# define SEC_E_PKINIT_CLIENT_FAILURE ((HRESULT)0x80090354L)
#endif
#ifndef SEC_E_SMARTCARD_CERT_EXPIRED
# define SEC_E_SMARTCARD_CERT_EXPIRED ((HRESULT)0x80090355L)
#endif
#ifndef SEC_E_NO_S4U_PROT_SUPPORT
# define SEC_E_NO_S4U_PROT_SUPPORT ((HRESULT)0x80090356L)
#endif
#ifndef SEC_E_CROSSREALM_DELEGATION_FAILURE
# define SEC_E_CROSSREALM_DELEGATION_FAILURE ((HRESULT)0x80090357L)
#endif
#ifndef SEC_E_REVOCATION_OFFLINE_KDC
# define SEC_E_REVOCATION_OFFLINE_KDC ((HRESULT)0x80090358L)
#endif
#ifndef SEC_E_ISSUING_CA_UNTRUSTED_KDC
# define SEC_E_ISSUING_CA_UNTRUSTED_KDC ((HRESULT)0x80090359L)
#endif
#ifndef SEC_E_KDC_CERT_EXPIRED
# define SEC_E_KDC_CERT_EXPIRED ((HRESULT)0x8009035AL)
#endif
#ifndef SEC_E_KDC_CERT_REVOKED
# define SEC_E_KDC_CERT_REVOKED ((HRESULT)0x8009035BL)
#endif
#ifndef SEC_E_INVALID_PARAMETER
# define SEC_E_INVALID_PARAMETER ((HRESULT)0x8009035DL)
#endif
#ifndef SEC_E_DELEGATION_POLICY
# define SEC_E_DELEGATION_POLICY ((HRESULT)0x8009035EL)
#endif
/* The "NLTM" spelling mirrors the identifier as it is spelled in the Windows
   SDK; renaming it here would stop the #ifndef guard from matching the
   SDK's definition. */
#ifndef SEC_E_POLICY_NLTM_ONLY
# define SEC_E_POLICY_NLTM_ONLY ((HRESULT)0x8009035FL)
#endif

/*
 * SEC_I_* status code fallbacks: same guard pattern, but in the 0x0009xxxx
 * range (high bit clear), so these do not test as failures.
 */
#ifndef SEC_I_CONTINUE_NEEDED
# define SEC_I_CONTINUE_NEEDED ((HRESULT)0x00090312L)
#endif
#ifndef SEC_I_COMPLETE_NEEDED
# define SEC_I_COMPLETE_NEEDED ((HRESULT)0x00090313L)
#endif
#ifndef SEC_I_COMPLETE_AND_CONTINUE
# define SEC_I_COMPLETE_AND_CONTINUE ((HRESULT)0x00090314L)
#endif
#ifndef SEC_I_LOCAL_LOGON
# define SEC_I_LOCAL_LOGON ((HRESULT)0x00090315L)
#endif
#ifndef SEC_I_CONTEXT_EXPIRED
# define SEC_I_CONTEXT_EXPIRED ((HRESULT)0x00090317L)
#endif
#ifndef SEC_I_INCOMPLETE_CREDENTIALS
# define SEC_I_INCOMPLETE_CREDENTIALS ((HRESULT)0x00090320L)
#endif
#ifndef SEC_I_RENEGOTIATE
# define SEC_I_RENEGOTIATE ((HRESULT)0x00090321L)
#endif
#ifndef SEC_I_NO_LSA_CONTEXT
# define SEC_I_NO_LSA_CONTEXT ((HRESULT)0x00090323L)
#endif
#ifndef SEC_I_SIGNATURE_NEEDED
# define SEC_I_SIGNATURE_NEEDED ((HRESULT)0x0009035CL)
#endif

/* Fallback for the one CRYPT_E_* status this header provides. */
#ifndef CRYPT_E_REVOKED
# define CRYPT_E_REVOKED ((HRESULT)0x80092010L)
#endif

/*
 * Identity-structure flag matching the character set of the build: the
 * UNICODE variant when UNICODE is defined, the ANSI variant otherwise,
 * cast to unsigned long in both cases.
 * NOTE(review): presumably stored in the identity's flags field by the
 * identity helpers declared above - confirm in curl_sspi.c. A mismatch
 * between this flag and the actual string encoding would make the
 * credentials unreadable to the security package.
 */
#ifdef UNICODE
# define SECFLAG_WINNT_AUTH_IDENTITY \
  (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
#else
# define SECFLAG_WINNT_AUTH_IDENTITY \
  (unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI
#endif

/*
 * Definitions required from ntsecapi.h are directly provided below this point
 * to avoid including ntsecapi.h due to a conflict with OpenSSL's safestack.h
 *
 * This one has no #ifndef guard, so the literal must stay identical to the
 * one in ntsecapi.h in case both end up visible in one translation unit.
 * NOTE(review): as the name indicates, this requests a wrap without
 * encryption, so data wrapped with it should not be assumed confidential -
 * confirm at each use site.
 */
#define KERB_WRAP_NO_ENCRYPT 0x80000001

#endif /* USE_WINDOWS_SSPI */

#endif /* HEADER_CURL_SSPI_H */