1// Copyright (C) 2002 Microsoft Corporation 2// All rights reserved. 3// 4// THIS CODE AND INFORMATION IS PROVIDED "AS IS" 5// WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 6// OR IMPLIED, INCLUDING BUT NOT LIMITED 7// TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY 8// AND/OR FITNESS FOR A PARTICULAR PURPOSE. 9// 10// Date - 10/08/2002 11// Author - Sanj Surati 12 13///////////////////////////////////////////////////////////// 14// 15// SPNEGO.H 16// 17// SPNEGO Token Handler Header File 18// 19// Contains the definitions required to interpret and create 20// SPNEGO tokens so that Kerberos GSS tokens can be 21// Unpackaged/packaged. 22// 23///////////////////////////////////////////////////////////// 24 25#pragma ident "%Z%%M% %I% %E% SMI" 26 27#ifndef __SPNEGO_H__ 28#define __SPNEGO_H__ 29 30// C++ Specific 31#if defined(__cplusplus) 32extern "C" 33{ 34#endif 35 36// Type Definitions 37 38// 39// Users of SPNEGO Token Handler API will request 40// these as well as free them, 41// 42typedef void* SPNEGO_TOKEN_HANDLE; 43 44// 45// Defines the element types that are found 46// in each of the tokens. 47// 48 49typedef enum spnego_element_type 50{ 51 spnego_element_min, // Lower bound 52 53 // Init token elements 54 spnego_init_mechtypes, 55 spnego_init_reqFlags, 56 spnego_init_mechToken, 57 spnego_init_mechListMIC, 58 59 // Targ token elements 60 spnego_targ_negResult, 61 spnego_targ_supportedMech, 62 spnego_targ_responseToken, 63 spnego_targ_mechListMIC, 64 65 spnego_element_max // Upper bound 66 67} SPNEGO_ELEMENT_TYPE; 68 69// 70// Token Element Availability. Elements in both 71// token types are optional. Since there are only 72// 4 elements in each Token, we will allocate space 73// to hold the information, but we need a way to 74// indicate whether or not an element is available 75// 76 77#define SPNEGO_TOKEN_ELEMENT_UNAVAILABLE 0 78#define SPNEGO_TOKEN_ELEMENT_AVAILABLE 1 79 80// 81// Token type values. SPNEGO has 2 token types: 82// NegTokenInit and NegTokenTarg 83// 84 85#define SPNEGO_TOKEN_INIT 0 86#define SPNEGO_TOKEN_TARG 1 87 88// 89// GSS Mechanism OID enumeration. We only really handle 90// 3 different OIDs. These are stored in an array structure 91// defined in the parsing code. 92// 93 94typedef enum spnego_mech_oid 95{ 96 // Init token elements 97 spnego_mech_oid_Kerberos_V5_Legacy, // Really V5, but OID off by 1 bit 98 spnego_mech_oid_Kerberos_V5, 99 spnego_mech_oid_Spnego, 100 spnego_mech_oid_NTLMSSP, 101 spnego_mech_oid_NotUsed = -1 102 103} SPNEGO_MECH_OID; 104 105// 106// Defines the negResult values. 107// 108 109typedef enum spnego_negResult 110{ 111 spnego_negresult_success, 112 spnego_negresult_incomplete, 113 spnego_negresult_rejected, 114 spnego_negresult_NotUsed = -1 115} SPNEGO_NEGRESULT; 116 117// 118// Context Flags in NegTokenInit 119// 120 121// 122// ContextFlags values MUST be zero or a combination 123// of the below 124// 125 126#define SPNEGO_NEGINIT_CONTEXT_DELEG_FLAG 0x80 127#define SPNEGO_NEGINIT_CONTEXT_MUTUAL_FLAG 0x40 128#define SPNEGO_NEGINIT_CONTEXT_REPLAY_FLAG 0x20 129#define SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG 0x10 130#define SPNEGO_NEGINIT_CONTEXT_ANON_FLAG 0x8 131#define SPNEGO_NEGINIT_CONTEXT_CONF_FLAG 0x4 132#define SPNEGO_NEGINIT_CONTEXT_INTEG_FLAG 0x2 133 134// 135// Mask to retrieve valid values. 136// 137 138#define SPNEGO_NEGINIT_CONTEXT_MASK 0xFE // Logical combination of above flags 139 140// 141// SPNEGO API return codes. 142// 143 144// API function was successful 145#define SPNEGO_E_SUCCESS 0 146 147// The supplied Token was invalid 148#define SPNEGO_E_INVALID_TOKEN -1 149 150// An invalid length was encountered 151#define SPNEGO_E_INVALID_LENGTH -2 152 153// The Token Parse failed 154#define SPNEGO_E_PARSE_FAILED -3 155 156// The requested value was not found 157#define SPNEGO_E_NOT_FOUND -4 158 159// The requested element is not available 160#define SPNEGO_E_ELEMENT_UNAVAILABLE -5 161 162// Out of Memory 163#define SPNEGO_E_OUT_OF_MEMORY -6 164 165// Not Implemented 166#define SPNEGO_E_NOT_IMPLEMENTED -7 167 168// Invalid Parameter 169#define SPNEGO_E_INVALID_PARAMETER -8 170 171// Token Handler encountered an unexpected OID 172#define SPNEGO_E_UNEXPECTED_OID -9 173 174// The requested token was not found 175#define SPNEGO_E_TOKEN_NOT_FOUND -10 176 177// An unexpected type was encountered in the encoding 178#define SPNEGO_E_UNEXPECTED_TYPE -11 179 180// The buffer was too small 181#define SPNEGO_E_BUFFER_TOO_SMALL -12 182 183// A Token Element was invalid (e.g. improper length or value) 184#define SPNEGO_E_INVALID_ELEMENT -13 185 186/* Miscelaneous API Functions */ 187 188// Frees opaque data 189void spnegoFreeData( SPNEGO_TOKEN_HANDLE hSpnegoToken ); 190 191// Initializes SPNEGO_TOKEN structure from DER encoded binary data 192int spnegoInitFromBinary( unsigned char* pbTokenData, unsigned long ulLength, SPNEGO_TOKEN_HANDLE* phSpnegoToken ); 193 194// Initializes SPNEGO_TOKEN structure for a NegTokenInit type using the 195// supplied parameters 196int spnegoCreateNegTokenInit( SPNEGO_MECH_OID MechType, 197 unsigned char ucContextFlags, unsigned char* pbMechToken, 198 unsigned long ulMechTokenLen, unsigned char* pbMechTokenMIC, 199 unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE* phSpnegoToken ); 200 201// Initializes SPNEGO_TOKEN structure for a NegTokenTarg type using the 202// supplied parameters 203int spnegoCreateNegTokenTarg( SPNEGO_MECH_OID MechType, 204 SPNEGO_NEGRESULT spnegoNegResult, unsigned char* pbMechToken, 205 unsigned long ulMechTokenLen, unsigned char* pbMechListMIC, 206 unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE* phSpnegoToken ); 207 208// Copies binary representation of SPNEGO Data into user supplied buffer 209int spnegoTokenGetBinary( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData, 210 unsigned long * pulDataLen ); 211 212// Returns SPNEGO Token Type 213int spnegoGetTokenType( SPNEGO_TOKEN_HANDLE hSpnegoToken, int * piTokenType ); 214 215/* Reading an Init Token */ 216 217// Returns the Initial Mech Type in the MechList element in the NegInitToken. 218int spnegoIsMechTypeAvailable( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID MechOID, int * piMechTypeIndex ); 219 220// Returns the value from the context flags element in the NegInitToken as an unsigned long 221int spnegoGetContextFlags( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pucContextFlags ); 222 223/* Reading a Response Token */ 224 225// Returns the value from the negResult element (Status code of GSS call - 0,1,2) 226int spnegoGetNegotiationResult( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_NEGRESULT* pnegResult ); 227 228// Returns the Supported Mech Type from the NegTokenTarg. 229int spnegoGetSupportedMechType( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID* pMechOID ); 230 231/* Reading either Token Type */ 232 233// Returns the actual Mechanism data from the token (this is what is passed into GSS-API functions 234int spnegoGetMechToken( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData, unsigned long* pulDataLen ); 235 236// Returns the Message Integrity BLOB in the token 237int spnegoGetMechListMIC( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbMICData, unsigned long* pulDataLen ); 238 239// C++ Specific 240#if defined(__cplusplus) 241} 242#endif 243 244#endif 245