windows-nt/Source/XPSP1/NT/inetsrv/iis/staxinc/simssl.h

256 lines
5.2 KiB
C
Raw Normal View History

2020-09-26 03:20:57 -05:00
/*++
Copyright (c) 1995 Microsoft Corporation
Module Name:
simssl.h
Abstract:
This module contains class declarations/definitions for
CEncryptCtx (some code stolen from internet server)
Revision History:
--*/
#ifndef _SIMSSL_H_
#define _SIMSSL_H_
class CEncryptCtx
{
private:
//
// is this the client side
//
BOOL m_IsClient;
//
// indicates whether we are starting a new session
//
BOOL m_IsNewSSLSession;
//
// should this session be encypted
//
BOOL m_IsEncrypted;
//
// Handle to user's security context for encryption
//
CtxtHandle m_hSealCtxt;
//
// Pointers to cached credential blocks
//
//
// Array of credential handles - Note this comes form the credential cache
// and should not be deleted. m_phCredInUse is the pointer to the
// credential handle that is in use
//
PVOID m_phCreds;
CredHandle* m_phCredInUse;
DWORD m_iCredInUse;
//
// ecryption header and trailer lengths
//
DWORD m_cbSealHeaderSize;
DWORD m_cbSealTrailerSize;
//
// indicates whether we have context handles opened
//
BOOL m_haveSSLCtxtHandle;
//
// Have we been authenticated, if so did we use the
// anonymous token
//
BOOL m_IsAuthenticated;
//
// Have we been authenticated, if so did we use the
// anonymous token
//
static BOOL m_IsSecureCapable;
//
// static variables used by all class instances
//
static char szServiceName[16];
static char szLsaPrefix[16];
//
// hSecurity - NULL when security.dll/secur32.dll is not loaded
//
static HINSTANCE m_hSecurity;
//
// hLsa - NULL for Win95, set for NT
//
static HINSTANCE m_hLsa;
//
// internal routine to implement public Converse
//
DWORD EncryptConverse(
IN PVOID InBuffer,
IN DWORD InBufferSize,
OUT LPBYTE OutBuffer,
OUT PDWORD OutBufferSize,
OUT PBOOL MoreBlobsExpected,
IN CredHandle* pCredHandle
);
public:
CEncryptCtx( BOOL IsClient = FALSE );
~CEncryptCtx();
//
// routines used to initialize and terminate use of this class
//
static BOOL WINAPI Initialize( LPSTR pszServiceName,
LPSTR pszLsaPrefix );
static VOID WINAPI Terminate( VOID );
//
// routine to set the magic bits required by the IIS Admin tool
//
static void WINAPI GetAdminInfoEncryptCaps( PDWORD pdwEncCaps );
//
// returns whether sspi packages and credentials have been installed
//
static BOOL IsSecureCapable( void ) { return m_IsSecureCapable; }
//
// returns whether session is encrypted or not
//
BOOL IsEncrypted( void ) { return m_IsEncrypted; }
//
// returns whether session has successfully authenticated
//
BOOL IsAuthenticated( void ) { return m_IsAuthenticated; }
//
// Encryption routines
//
BOOL WINAPI SealMessage(
IN LPBYTE Message,
IN DWORD cbMessage,
OUT LPBYTE pbuffOut,
OUT DWORD *pcbBuffOut
);
BOOL WINAPI UnsealMessage(
IN LPBYTE Message,
IN DWORD cbMessage,
OUT LPBYTE *DecryptedMessage,
OUT PDWORD DecryptedMessageSize,
OUT PDWORD ExpectedMessageSize,
OUT LPBYTE *NextSealMessage = NULL
);
//
// SSL specific routines. This is used for processing SSL negotiation
// packets.
//
DWORD WINAPI Converse(
IN PVOID InBuffer,
IN DWORD InBufferSize,
OUT LPBYTE OutBuffer,
OUT PDWORD OutBufferSize,
OUT PBOOL MoreBlobsExpected,
IN LPSTR LocalIpAddr = "127.0.0.1"
);
//
// resets the user name
//
void WINAPI Reset( void );
//
// returns the size of the encryption header for this session
//
DWORD GetSealHeaderSize( void )
{ return m_haveSSLCtxtHandle ? m_cbSealHeaderSize : 0 ; }
//
// returns the size of the encryption trailer for this session
//
DWORD GetSealTrailerSize( void )
{ return m_haveSSLCtxtHandle ? m_cbSealTrailerSize : 0 ; }
//
// decrypts read buffer, concatenating all decrypted data at the
// head of the buffer.
//
DWORD WINAPI DecryptInputBuffer(
IN LPBYTE pBuffer,
IN DWORD cbInBuffer,
OUT DWORD* pcbOutBuffer,
OUT DWORD* pcbParsable,
OUT DWORD* pcbExpected
);
//
// verifies the intended host name matches the name contained in the cert
// This function, checks a given hostname against the current certificate
// stored in an active SSPI Context Handle. If the certificate containts
// a common name, and it matches the passed in hostname, this function
// will return TRUE.
//
BOOL CheckCertificateCommonName(
IN LPSTR pszHostName
);
//
// verifies the ccertificate has not expired
// returns TRUE if the cert is valid
//
BOOL CheckCertificateExpired(
void
);
}; // CSslCtx
//
// blkcred.cpp
//
#endif // _SECURITY_H_