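#ifndef HEADER_CURL_SSPI_H
#define HEADER_CURL_SSPI_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

/*
 * Declarations shared by the code that talks to the Windows SSPI: the
 * global init/cleanup pair, the identity helpers, the two globals defined in
 * curl_sspi.c, and fallback definitions for SSPI constants that older SDK
 * headers lack. Everything below is compiled only when USE_WINDOWS_SSPI is
 * defined.
 */

#include "curl_setup.h"

#ifdef USE_WINDOWS_SSPI

#include <curl/curl.h>

/*
 * When including the following three headers, it is mandatory to define either
 * SECURITY_WIN32 or SECURITY_KERNEL, indicating who is compiling the code.
 */

/* Both are undefined first so that whatever the including file set is
   discarded and SECURITY_WIN32 alone is in effect for the includes. */
#undef SECURITY_WIN32
#undef SECURITY_KERNEL
#define SECURITY_WIN32 1
#include <security.h>
#include <sspi.h>
#include <rpc.h>

/* Global set-up and tear-down of the SSPI layer. The state they manage is
   presumably the two globals declared further down - confirm in
   curl_sspi.c. */
CURLcode Curl_sspi_global_init(void);
void Curl_sspi_global_cleanup(void);

/* This is used to populate the domain in a SSPI identity structure.
   NOTE(review): 'chlg' looks like the challenge text received from the
   peer, i.e. input the remote side controls - confirm that the
   implementation bounds what it copies into 'identity'. */
CURLcode Curl_override_sspi_http_realm(const char *chlg,
                                       SEC_WINNT_AUTH_IDENTITY *identity);

/* This is used to generate an SSPI identity structure.
   NOTE(review): the structure is built from a user name and a password, so
   it presumably ends up holding credential material; every successful call
   should be paired with Curl_sspi_free_identity() - confirm in
   curl_sspi.c. */
CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
                                   SEC_WINNT_AUTH_IDENTITY *identity);

/* This is used to free an SSPI identity structure.
   NOTE(review): whether the password buffer is cleared before it is released
   cannot be told from this header - check the implementation. */
void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity);

/* Forward-declaration of global variables defined in curl_sspi.c.
   They are plain process-wide globals; this header shows no locking around
   them. */
extern HMODULE s_hSecDll;
extern PSecurityFunctionTable s_pSecFn;

/* Provide some definitions missing in old headers */

/* Names of the SSPI security packages. Unlike the constants that follow,
   these four are defined unconditionally (no #ifndef guard). */
#define SP_NAME_DIGEST              "WDigest"
#define SP_NAME_NTLM                "NTLM"
#define SP_NAME_NEGOTIATE           "Negotiate"
#define SP_NAME_KERBEROS            "Kerberos"

/* InitializeSecurityContext() request flag (ISC_REQ_*) and returned context
   attributes (ISC_RET_*). The ISC_RET_* bits report what the established
   context actually provides, which may differ from what was requested. */
#ifndef ISC_REQ_USE_HTTP_STYLE
#define ISC_REQ_USE_HTTP_STYLE                0x01000000
#endif

#ifndef ISC_RET_REPLAY_DETECT
#define ISC_RET_REPLAY_DETECT                 0x00000004
#endif

#ifndef ISC_RET_SEQUENCE_DETECT
#define ISC_RET_SEQUENCE_DETECT               0x00000008
#endif

#ifndef ISC_RET_CONFIDENTIALITY
#define ISC_RET_CONFIDENTIALITY               0x00000010
#endif

#ifndef ISC_RET_ALLOCATED_MEMORY
#define ISC_RET_ALLOCATED_MEMORY              0x00000100
#endif

#ifndef ISC_RET_STREAM
#define ISC_RET_STREAM                        0x00008000
#endif

/* SEC_E_* failure codes: every value has the high bit set (0x8009xxxx).
   Each one is defined only when the SDK headers did not already provide
   it. */
#ifndef SEC_E_INSUFFICIENT_MEMORY
#  define SEC_E_INSUFFICIENT_MEMORY           ((HRESULT)0x80090300L)
#endif
#ifndef SEC_E_INVALID_HANDLE
#  define SEC_E_INVALID_HANDLE                ((HRESULT)0x80090301L)
#endif
#ifndef SEC_E_UNSUPPORTED_FUNCTION
#  define SEC_E_UNSUPPORTED_FUNCTION          ((HRESULT)0x80090302L)
#endif
#ifndef SEC_E_TARGET_UNKNOWN
#  define SEC_E_TARGET_UNKNOWN                ((HRESULT)0x80090303L)
#endif
#ifndef SEC_E_INTERNAL_ERROR
#  define SEC_E_INTERNAL_ERROR                ((HRESULT)0x80090304L)
#endif
#ifndef SEC_E_SECPKG_NOT_FOUND
#  define SEC_E_SECPKG_NOT_FOUND              ((HRESULT)0x80090305L)
#endif
#ifndef SEC_E_NOT_OWNER
#  define SEC_E_NOT_OWNER                     ((HRESULT)0x80090306L)
#endif
#ifndef SEC_E_CANNOT_INSTALL
#  define SEC_E_CANNOT_INSTALL                ((HRESULT)0x80090307L)
#endif
#ifndef SEC_E_INVALID_TOKEN
#  define SEC_E_INVALID_TOKEN                 ((HRESULT)0x80090308L)
#endif
#ifndef SEC_E_CANNOT_PACK
#  define SEC_E_CANNOT_PACK                   ((HRESULT)0x80090309L)
#endif
#ifndef SEC_E_QOP_NOT_SUPPORTED
#  define SEC_E_QOP_NOT_SUPPORTED             ((HRESULT)0x8009030AL)
#endif
#ifndef SEC_E_NO_IMPERSONATION
#  define SEC_E_NO_IMPERSONATION              ((HRESULT)0x8009030BL)
#endif
#ifndef SEC_E_LOGON_DENIED
#  define SEC_E_LOGON_DENIED                  ((HRESULT)0x8009030CL)
#endif
#ifndef SEC_E_UNKNOWN_CREDENTIALS
#  define SEC_E_UNKNOWN_CREDENTIALS           ((HRESULT)0x8009030DL)
#endif
#ifndef SEC_E_NO_CREDENTIALS
#  define SEC_E_NO_CREDENTIALS                ((HRESULT)0x8009030EL)
#endif
#ifndef SEC_E_MESSAGE_ALTERED
#  define SEC_E_MESSAGE_ALTERED               ((HRESULT)0x8009030FL)
#endif
#ifndef SEC_E_OUT_OF_SEQUENCE
#  define SEC_E_OUT_OF_SEQUENCE               ((HRESULT)0x80090310L)
#endif
#ifndef SEC_E_NO_AUTHENTICATING_AUTHORITY
#  define SEC_E_NO_AUTHENTICATING_AUTHORITY   ((HRESULT)0x80090311L)
#endif
#ifndef SEC_E_BAD_PKGID
#  define SEC_E_BAD_PKGID                     ((HRESULT)0x80090316L)
#endif
#ifndef SEC_E_CONTEXT_EXPIRED
#  define SEC_E_CONTEXT_EXPIRED               ((HRESULT)0x80090317L)
#endif
#ifndef SEC_E_INCOMPLETE_MESSAGE
#  define SEC_E_INCOMPLETE_MESSAGE            ((HRESULT)0x80090318L)
#endif
#ifndef SEC_E_INCOMPLETE_CREDENTIALS
#  define SEC_E_INCOMPLETE_CREDENTIALS        ((HRESULT)0x80090320L)
#endif
#ifndef SEC_E_BUFFER_TOO_SMALL
#  define SEC_E_BUFFER_TOO_SMALL              ((HRESULT)0x80090321L)
#endif
#ifndef SEC_E_WRONG_PRINCIPAL
#  define SEC_E_WRONG_PRINCIPAL               ((HRESULT)0x80090322L)
#endif
#ifndef SEC_E_TIME_SKEW
#  define SEC_E_TIME_SKEW                     ((HRESULT)0x80090324L)
#endif
#ifndef SEC_E_UNTRUSTED_ROOT
#  define SEC_E_UNTRUSTED_ROOT                ((HRESULT)0x80090325L)
#endif
#ifndef SEC_E_ILLEGAL_MESSAGE
#  define SEC_E_ILLEGAL_MESSAGE               ((HRESULT)0x80090326L)
#endif
#ifndef SEC_E_CERT_UNKNOWN
#  define SEC_E_CERT_UNKNOWN                  ((HRESULT)0x80090327L)
#endif
#ifndef SEC_E_CERT_EXPIRED
#  define SEC_E_CERT_EXPIRED                  ((HRESULT)0x80090328L)
#endif
#ifndef SEC_E_ENCRYPT_FAILURE
#  define SEC_E_ENCRYPT_FAILURE               ((HRESULT)0x80090329L)
#endif
#ifndef SEC_E_DECRYPT_FAILURE
#  define SEC_E_DECRYPT_FAILURE               ((HRESULT)0x80090330L)
#endif
#ifndef SEC_E_ALGORITHM_MISMATCH
#  define SEC_E_ALGORITHM_MISMATCH            ((HRESULT)0x80090331L)
#endif
#ifndef SEC_E_SECURITY_QOS_FAILED
#  define SEC_E_SECURITY_QOS_FAILED           ((HRESULT)0x80090332L)
#endif
#ifndef SEC_E_UNFINISHED_CONTEXT_DELETED
#  define SEC_E_UNFINISHED_CONTEXT_DELETED    ((HRESULT)0x80090333L)
#endif
#ifndef SEC_E_NO_TGT_REPLY
#  define SEC_E_NO_TGT_REPLY                  ((HRESULT)0x80090334L)
#endif
#ifndef SEC_E_NO_IP_ADDRESSES
#  define SEC_E_NO_IP_ADDRESSES               ((HRESULT)0x80090335L)
#endif
#ifndef SEC_E_WRONG_CREDENTIAL_HANDLE
#  define SEC_E_WRONG_CREDENTIAL_HANDLE       ((HRESULT)0x80090336L)
#endif
#ifndef SEC_E_CRYPTO_SYSTEM_INVALID
#  define SEC_E_CRYPTO_SYSTEM_INVALID         ((HRESULT)0x80090337L)
#endif
#ifndef SEC_E_MAX_REFERRALS_EXCEEDED
#  define SEC_E_MAX_REFERRALS_EXCEEDED        ((HRESULT)0x80090338L)
#endif
#ifndef SEC_E_MUST_BE_KDC
#  define SEC_E_MUST_BE_KDC                   ((HRESULT)0x80090339L)
#endif
#ifndef SEC_E_STRONG_CRYPTO_NOT_SUPPORTED
#  define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED   ((HRESULT)0x8009033AL)
#endif
#ifndef SEC_E_TOO_MANY_PRINCIPALS
#  define SEC_E_TOO_MANY_PRINCIPALS           ((HRESULT)0x8009033BL)
#endif
#ifndef SEC_E_NO_PA_DATA
#  define SEC_E_NO_PA_DATA                    ((HRESULT)0x8009033CL)
#endif
#ifndef SEC_E_PKINIT_NAME_MISMATCH
#  define SEC_E_PKINIT_NAME_MISMATCH          ((HRESULT)0x8009033DL)
#endif
#ifndef SEC_E_SMARTCARD_LOGON_REQUIRED
#  define SEC_E_SMARTCARD_LOGON_REQUIRED      ((HRESULT)0x8009033EL)
#endif
#ifndef SEC_E_SHUTDOWN_IN_PROGRESS
#  define SEC_E_SHUTDOWN_IN_PROGRESS          ((HRESULT)0x8009033FL)
#endif
#ifndef SEC_E_KDC_INVALID_REQUEST
#  define SEC_E_KDC_INVALID_REQUEST           ((HRESULT)0x80090340L)
#endif
#ifndef SEC_E_KDC_UNABLE_TO_REFER
#  define SEC_E_KDC_UNABLE_TO_REFER           ((HRESULT)0x80090341L)
#endif
#ifndef SEC_E_KDC_UNKNOWN_ETYPE
#  define SEC_E_KDC_UNKNOWN_ETYPE             ((HRESULT)0x80090342L)
#endif
#ifndef SEC_E_UNSUPPORTED_PREAUTH
#  define SEC_E_UNSUPPORTED_PREAUTH           ((HRESULT)0x80090343L)
#endif
#ifndef SEC_E_DELEGATION_REQUIRED
#  define SEC_E_DELEGATION_REQUIRED           ((HRESULT)0x80090345L)
#endif
#ifndef SEC_E_BAD_BINDINGS
#  define SEC_E_BAD_BINDINGS                  ((HRESULT)0x80090346L)
#endif
#ifndef SEC_E_MULTIPLE_ACCOUNTS
#  define SEC_E_MULTIPLE_ACCOUNTS             ((HRESULT)0x80090347L)
#endif
#ifndef SEC_E_NO_KERB_KEY
#  define SEC_E_NO_KERB_KEY                   ((HRESULT)0x80090348L)
#endif
#ifndef SEC_E_CERT_WRONG_USAGE
#  define SEC_E_CERT_WRONG_USAGE              ((HRESULT)0x80090349L)
#endif
#ifndef SEC_E_DOWNGRADE_DETECTED
#  define SEC_E_DOWNGRADE_DETECTED            ((HRESULT)0x80090350L)
#endif
#ifndef SEC_E_SMARTCARD_CERT_REVOKED
#  define SEC_E_SMARTCARD_CERT_REVOKED        ((HRESULT)0x80090351L)
#endif
#ifndef SEC_E_ISSUING_CA_UNTRUSTED
#  define SEC_E_ISSUING_CA_UNTRUSTED          ((HRESULT)0x80090352L)
#endif
#ifndef SEC_E_REVOCATION_OFFLINE_C
#  define SEC_E_REVOCATION_OFFLINE_C          ((HRESULT)0x80090353L)
#endif
#ifndef SEC_E_PKINIT_CLIENT_FAILURE
#  define SEC_E_PKINIT_CLIENT_FAILURE         ((HRESULT)0x80090354L)
#endif
#ifndef SEC_E_SMARTCARD_CERT_EXPIRED
#  define SEC_E_SMARTCARD_CERT_EXPIRED        ((HRESULT)0x80090355L)
#endif
#ifndef SEC_E_NO_S4U_PROT_SUPPORT
#  define SEC_E_NO_S4U_PROT_SUPPORT           ((HRESULT)0x80090356L)
#endif
#ifndef SEC_E_CROSSREALM_DELEGATION_FAILURE
#  define SEC_E_CROSSREALM_DELEGATION_FAILURE ((HRESULT)0x80090357L)
#endif
#ifndef SEC_E_REVOCATION_OFFLINE_KDC
#  define SEC_E_REVOCATION_OFFLINE_KDC        ((HRESULT)0x80090358L)
#endif
#ifndef SEC_E_ISSUING_CA_UNTRUSTED_KDC
#  define SEC_E_ISSUING_CA_UNTRUSTED_KDC      ((HRESULT)0x80090359L)
#endif
#ifndef SEC_E_KDC_CERT_EXPIRED
#  define SEC_E_KDC_CERT_EXPIRED              ((HRESULT)0x8009035AL)
#endif
#ifndef SEC_E_KDC_CERT_REVOKED
#  define SEC_E_KDC_CERT_REVOKED              ((HRESULT)0x8009035BL)
#endif
#ifndef SEC_E_INVALID_PARAMETER
#  define SEC_E_INVALID_PARAMETER             ((HRESULT)0x8009035DL)
#endif
#ifndef SEC_E_DELEGATION_POLICY
#  define SEC_E_DELEGATION_POLICY             ((HRESULT)0x8009035EL)
#endif
/* "NLTM" (sic): the spelling follows the Windows SDK identifier and must not
   be "corrected", or the #ifndef guard stops matching the SDK's own name. */
#ifndef SEC_E_POLICY_NLTM_ONLY
#  define SEC_E_POLICY_NLTM_ONLY              ((HRESULT)0x8009035FL)
#endif

/* SEC_I_* informational codes: the high bit is clear (0x0009xxxx), so they
   are not failures, but they are not "done" either. SEC_I_CONTINUE_NEEDED
   and its siblings mean the exchange has further steps; a caller must not
   treat any non-failure status as a completed authentication. */
#ifndef SEC_I_CONTINUE_NEEDED
#  define SEC_I_CONTINUE_NEEDED               ((HRESULT)0x00090312L)
#endif
#ifndef SEC_I_COMPLETE_NEEDED
#  define SEC_I_COMPLETE_NEEDED               ((HRESULT)0x00090313L)
#endif
#ifndef SEC_I_COMPLETE_AND_CONTINUE
#  define SEC_I_COMPLETE_AND_CONTINUE         ((HRESULT)0x00090314L)
#endif
#ifndef SEC_I_LOCAL_LOGON
#  define SEC_I_LOCAL_LOGON                   ((HRESULT)0x00090315L)
#endif
#ifndef SEC_I_CONTEXT_EXPIRED
#  define SEC_I_CONTEXT_EXPIRED               ((HRESULT)0x00090317L)
#endif
#ifndef SEC_I_INCOMPLETE_CREDENTIALS
#  define SEC_I_INCOMPLETE_CREDENTIALS        ((HRESULT)0x00090320L)
#endif
#ifndef SEC_I_RENEGOTIATE
#  define SEC_I_RENEGOTIATE                   ((HRESULT)0x00090321L)
#endif
#ifndef SEC_I_NO_LSA_CONTEXT
#  define SEC_I_NO_LSA_CONTEXT                ((HRESULT)0x00090323L)
#endif
#ifndef SEC_I_SIGNATURE_NEEDED
#  define SEC_I_SIGNATURE_NEEDED              ((HRESULT)0x0009035CL)
#endif

#ifndef CRYPT_E_REVOKED
#  define CRYPT_E_REVOKED                     ((HRESULT)0x80092010L)
#endif

/* Value for the Flags member of SEC_WINNT_AUTH_IDENTITY, chosen by the build's
   character set. The flag tells SSPI how to read the strings stored in the
   structure, so it has to agree with how they were encoded. The expansion is
   wrapped in parentheses so it stays a single operand wherever it is used. */
#ifdef UNICODE
#  define SECFLAG_WINNT_AUTH_IDENTITY \
  ((unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE)
#else
#  define SECFLAG_WINNT_AUTH_IDENTITY \
  ((unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI)
#endif

/*
 * Definitions required from ntsecapi.h are directly provided below this point
 * to avoid including ntsecapi.h due to a conflict with OpenSSL's safestack.h
 */
/* Quality-of-protection value for a wrap that is signed but not encrypted:
   data wrapped with it is integrity-protected only, not confidential.
   Defined without an #ifndef guard, so it must stay identical to the
   ntsecapi.h value if that header is ever included as well. */
#define KERB_WRAP_NO_ENCRYPT 0x80000001

#endif /* USE_WINDOWS_SSPI */

#endif /* HEADER_CURL_SSPI_H */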