windows-nt/Source/XPSP1/NT/ds/security/protocols/schannel/inc/cred.h

227 lines
5.9 KiB
C
Raw Normal View History

2020-09-26 03:20:57 -05:00
//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1995.
//
// File: cred.h
//
// Contents:
//
// Classes:
//
// Functions:
//
// History: 09-23-97 jbanes LSA integration stuff.
//
//----------------------------------------------------------------------------
#ifndef __CRED_H__
#define __CRED_H__
#define PCT_CRED_MAGIC *(DWORD *)"CtcP"
typedef struct _CRED_THUMBPRINT
{
DWORD LowPart;
DWORD HighPart;
} CRED_THUMBPRINT, *PCRED_THUMBPRINT;
typedef struct _SPCredential
{
PCCERT_CONTEXT pCert;
CRED_THUMBPRINT CertThumbprint;
HCRYPTPROV hProv;
HCRYPTPROV hEphem512Prov;
HCRYPTPROV hEphem1024Prov;
HCRYPTPROV hRemoteProv;
PROV_ENUMALGS_EX * pCapiAlgs; // Algs supported by hProv (server only)
DWORD cCapiAlgs;
DWORD dwCapiFlags; // Whether hProv is static or csp
DWORD fAppRemoteProv; // Does application own hRemoteProv?
DWORD dwCF; // Is this a server SGC cert?
DWORD dwKeySpec;
ExchSpec dwExchSpec;
PPUBLICKEY pPublicKey;
PBYTE pbSsl3SerializedChain;
DWORD cbSsl3SerializedChain;
HCRYPTKEY hTek; // Ephemeral DH
} SPCredential, *PSPCredential;
typedef struct _SPCredentialGroup {
DWORD Magic;
DWORD grbitProtocol;
DWORD grbitEnabledProtocols;
DWORD dwFlags;
RTL_CRITICAL_SECTION csLock;
DWORD dwMinStrength;
DWORD dwMaxStrength;
DWORD cSupportedAlgs;
ALG_ID * palgSupportedAlgs;
DWORD dwSessionLifespan;
ULONG ProcessId;
// server-side only
LONG cMappers;
HMAPPER ** pahMappers;
HCERTSTORE hApplicationRoots; // Specified by application.
HCERTSTORE hUserRoots; // Current user ROOT - monitored for changes
PBYTE pbTrustedIssuers;
DWORD cbTrustedIssuers;
CRED_THUMBPRINT CredThumbprint; // Used when purging server cache entries.
LONG RefCount;
LIST_ENTRY ListEntry;
PSPCredential pCredList;
DWORD cCredList;
} SPCredentialGroup, * PSPCredentialGroup;
typedef struct _LSA_SCHANNEL_SUB_CRED
{
PCCERT_CONTEXT pCert;
LPWSTR pszPin;
HCRYPTPROV hRemoteProv;
PVOID pPrivateKey;
DWORD cbPrivateKey;
LPSTR pszPassword;
} LSA_SCHANNEL_SUB_CRED, *PLSA_SCHANNEL_SUB_CRED;
typedef struct _LSA_SCHANNEL_CRED
{
DWORD dwVersion;
DWORD cSubCreds;
PLSA_SCHANNEL_SUB_CRED paSubCred;
HCERTSTORE hRootStore;
DWORD cMappers;
struct _HMAPPER **aphMappers;
DWORD cSupportedAlgs;
ALG_ID * palgSupportedAlgs;
DWORD grbitEnabledProtocols;
DWORD dwMinimumCipherStrength;
DWORD dwMaximumCipherStrength;
DWORD dwSessionLifespan;
DWORD dwFlags;
DWORD reserved;
} LSA_SCHANNEL_CRED, *PLSA_SCHANNEL_CRED;
#define LockCredential(p) RtlEnterCriticalSection(&(p)->csLock)
#define UnlockCredential(p) RtlLeaveCriticalSection(&(p)->csLock)
BOOL
SslInitCredentialManager(VOID);
BOOL
SslFreeCredentialManager(VOID);
BOOL
SslCheckForGPEvent(void);
BOOL
IsValidThumbprint(
PCRED_THUMBPRINT Thumbprint);
BOOL
IsSameThumbprint(
PCRED_THUMBPRINT Thumbprint1,
PCRED_THUMBPRINT Thumbprint2);
void
GenerateCertThumbprint(
PCCERT_CONTEXT pCertContext,
PCRED_THUMBPRINT Thumbprint);
void
GenerateRandomThumbprint(
PCRED_THUMBPRINT Thumbprint);
BOOL
DoesCredThumbprintMatch(
PSPCredentialGroup pCredGroup,
PCRED_THUMBPRINT pThumbprint);
SP_STATUS
SPCreateCred(
DWORD dwProtocol,
PLSA_SCHANNEL_SUB_CRED pSubCred,
PSPCredential pCurrentCred,
BOOL * pfEventLogged);
SP_STATUS
SPCreateCredential(
PSPCredentialGroup *ppCred,
DWORD grbitProtocol,
PLSA_SCHANNEL_CRED pSchannelCred);
SP_STATUS
AddCredentialToGroup(
PSPCredentialGroup pCredGroup,
PSPCredential pCred);
SP_STATUS
IsCredentialInGroup(
PSPCredentialGroup pCredGroup,
PCCERT_CONTEXT pCertContext,
PBOOL pfInGroup);
SECURITY_STATUS
UpdateCredentialFormat(
PSCH_CRED pSchCred, // in
PLSA_SCHANNEL_CRED pCred); // out
DWORD
GetCredentialKeySize(
PSPCredential pCred);
NTSTATUS
FindDefaultMachineCred(
PSPCredentialGroup *ppCred,
DWORD dwProtocol);
BOOL
SPReferenceCredential(
PSPCredentialGroup pCred);
BOOL
SPDereferenceCredential(
PSPCredentialGroup pCred);
void
SPDeleteCred(
PSPCredential pCred);
BOOL
SPDeleteCredential(PSPCredentialGroup pCred);
// Downlevel credential versions
#define SSL_CREDENTIAL_VERSION 0
// flag bit definitions
#define CRED_FLAG_NO_SYSTEM_MAPPER 0x00000004 // client cert mapping
#define CRED_FLAG_NO_SERVERNAME_CHECK 0x00000008 // server cert validation
#define CRED_FLAG_MANUAL_CRED_VALIDATION 0x00000010 // server cert validation
#define CRED_FLAG_NO_DEFAULT_CREDS 0x00000020 // client certificate selection
#define CRED_FLAG_UPDATE_ISSUER_LIST 0x00000040 // new setting have been downloaded from GPO
#define CRED_FLAG_DELETED 0x00000080 // credential has been deleted by application.
#define CRED_FLAG_REVCHECK_END_CERT 0x00000100
#define CRED_FLAG_REVCHECK_CHAIN 0x00000200
#define CRED_FLAG_REVCHECK_CHAIN_EXCLUDE_ROOT 0x00000400
#define CRED_FLAG_IGNORE_NO_REVOCATION_CHECK 0x00000800
#define CRED_FLAG_IGNORE_REVOCATION_OFFLINE 0x00001000
#define CRED_FLAG_DISABLE_RECONNECTS 0x00004000
#endif