| author | Mili Verma <mili.verma@isode.com> | 2015-06-26 14:32:04 (GMT) | 
|---|---|---|
| committer | Mili Verma <mili.verma@isode.com> | 2015-06-30 09:47:58 (GMT) | 
| commit | 208c75672fa106fe6e3a44bcb41dc9f2808b1b71 (patch) | |
| tree | 973c70b4711bc1e27c3877c89f9e15d761a1210e /Swiften/SASL/WindowsAuthentication.h | |
| parent | a3564b7aca44f5ccab3881e6f723dfb64bf66884 (diff) | |
Add wrappers for Windows API to be used in GSSAPI
Test-information:
Tested on Windows using WIP GSSAPI code.
Unit tests pass.
Change-Id: I21f8f637480a21a014ec172431dd8d4a01a11620
Diffstat (limited to 'Swiften/SASL/WindowsAuthentication.h')
| -rw-r--r-- | Swiften/SASL/WindowsAuthentication.h | 170 | 
1 files changed, 170 insertions, 0 deletions
diff --git a/Swiften/SASL/WindowsAuthentication.h b/Swiften/SASL/WindowsAuthentication.h
new file mode 100644
index 0000000..82e428c
--- /dev/null
+++ b/Swiften/SASL/WindowsAuthentication.h
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2015 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+
+#pragma once
+
+#include <string>
+
+#define SECURITY_WIN32
+#include <Windows.h>
+#include <Sspi.h>
+
+#include <Swiften/Base/API.h>
+#include <Swiften/Base/boost_bsignals.h>
+#include <Swiften/Base/SafeByteArray.h>
+
+namespace Swift {
+	/**
+	 * Retrieves the names & Windows server domain of the user associated
+	 * with the calling thread.
+	 *
+	 * @param userName Will return the user name in the form "DOMAIN\user"
+	 * @param clientName Will return the client name in the form "user"
+	 * @param serverName Will return the server name in the form "DOMAIN"
+	 *
+	 * @return NULL for success, otherwise the error code returned by
+	 * Windows.
+	 */
+	SWIFTEN_API boost::shared_ptr<boost::system::error_code> getUserNameEx(std::string& userName, std::string& clientName, std::string& serverName);
+
+	/**
+	 * Retrieves the handle to preexisting client credentials for the
+	 * Kerberos security package that were established through a system
+	 * logon.
+	 * freeCredentialsHandle() should be called if this function is
+	 * successful and when credentials are no longer needed.
+	 *
+	 * @param credentialsHandle Pointer to the returned credentials handle.
+	 *
+	 * @return NULL for success, otherwise the error code returned by
+	 * Windows.
+	 */
+	SWIFTEN_API boost::shared_ptr<boost::system::error_code> acquireCredentialsHandle(PCredHandle credentialsHandle);
+
+	/**
+	 * Releases the credentials handle obtained by the
+	 * acquireCredentialsHandle() function.
+	 * freeCredentialsHandle() should be called when credentials are no
+	 * longer needed.
+	 *
+	 * @param credentialsHandle Pointer to the credentials handle.
+	 *
+	 * @return NULL for success, otherwise the error code returned by
+	 * Windows.
+	 */
+	SWIFTEN_API boost::shared_ptr<boost::system::error_code> freeCredentialsHandle(PCredHandle credentialsHandle);
+
+	/**
+	 * Builds the security context between the client and remote peer.
+	 * Kerberos security package that were established through a system
+	 * logon.
+	 *
+	 * @param inputToken NULL or empty on the first call, otherwise the
+	 *	token returned by the server.
+	 * @param servicePrincipalNameString Service principal name of the
+	 *	server.
+	 * @param credentialsHandle Pointer to the credentials handle acquired
+	 *	before.
+	 * @param haveContextHandle False on the first call to this function,
+	 *	true otherwise.
+	 * @param contextHandle Pointer to the context handle returned on the
+	 *	first call and passed on subsequent calls.
+	 * @param contextRequested Context related requests by the caller. See
+	 *	the Windows API InitializeSecurityContext for allowed values.
+	 * @param contextSupported Pointer to context related attributes
+	 *	returned when context is completely established (when
+	 *	haveCompleteContext contains true). See the Windows API
+	 *	InitializeSecurityContext for allowed values.
+	 * @param haveCompleteContext Pointer to boolean - this will only be
+	 *	true on return when the context is completely established and
+	 *	there is no need to call this function again.
+	 * @param outputToken Returned security token to be sent to the server,
+	 *	may be empty.
+	 *
+	 * @return NULL for success, otherwise the error code returned by
+	 * Windows.
+	 */
+	SWIFTEN_API boost::shared_ptr<boost::system::error_code> initializeSecurityContext(const boost::optional<ByteArray>& inputToken, const std::string& servicePrincipalNameString, const PCredHandle credentialsHandle, bool haveContextHandle, PCtxtHandle contextHandle, ULONG contextRequested, ULONG* contextSupported, bool* haveCompleteContext, SafeByteArray& outputToken);
+
+	/**
+	 * Releases the context handle obtained by the
+	 * initializeSecurityContext() function.
+	 * deleteSecurityContext() should be called when the context is no
+	 * longer needed.
+	 *
+	 * @param contextHandle Pointer to the context handle.
+	 *
+	 * @return NULL for success, otherwise the error code returned by
+	 * Windows.
+	 */
+	SWIFTEN_API boost::shared_ptr<boost::system::error_code> deleteSecurityContext(PCtxtHandle contextHandle);
+
+	/**
+	 * Completes an authentication token for a partial security context.
+	 *
+	 * @param contextHandle Pointer to the context handle.
+	 * @param token authentication token.
+	 *
+	 * @return NULL for success, otherwise the error code returned by
+	 * Windows.
+	 */
+	SWIFTEN_API boost::shared_ptr<boost::system::error_code> completeAuthToken(const PCtxtHandle contextHandle, PSecBufferDesc token);
+
+	/**
+	 * Frees a memory buffer allocated by the security package.
+	 *
+	 * @param contextBuffer Pointer to buffer to be freed.
+	 *
+	 * @return NULL for success, otherwise the error code returned by
+	 * Windows.
+	 */
+	SWIFTEN_API boost::shared_ptr<boost::system::error_code> freeContextBuffer(PVOID contextBuffer);
+
+	/**
+	 * Decrypt message (assumes that sequence numbers are not maintained).
+	 *
+	 * @param contextHandle Pointer to the context handle.
+	 * @param message Message to decrypt.
+	 * @param decrypted Returned decrypted message.
+	 *
+	 * @return NULL for success, otherwise the error code returned by
+	 * Windows.
+	 */
+	SWIFTEN_API boost::shared_ptr<boost::system::error_code> decryptMessage(const PCtxtHandle contextHandle, const ByteArray& message, SafeByteArray& decrypted);
+
+	/**
+	 * Produces a header or trailer for the message but does not encrypt it
+	 * (also assumes that sequence numbers are not maintained).
+	 *
+	 * @param contextHandle Pointer to the context handle.
+	 * @param sizes SecPkgContext_Sizes obtained for the context.
+	 * @param message Input message.
+	 * @param output Returned output message.
+	 *
+	 * @return NULL for success, otherwise the error code returned by
+	 * Windows.
+	 */
+	SWIFTEN_API boost::shared_ptr<boost::system::error_code> encryptMessage(const PCtxtHandle contextHandle, const SecPkgContext_Sizes& sizes, const SafeByteArray& message, SafeByteArray& output);
+
+	/**
+	 * Queries the security package for attributes of the security context.
+	 *
+	 * @param contextHandle Pointer to the context handle.
+	 * @param attribute Attribute to query. See the Windows API
+	 *	QueryContextAttributes for allowed values.
+	 * @param buffer Pointer to a structure that receives the output.
+	 *	The type of structure depends on the queried attribute and
+	 *	memory for it must be allocated by caller. If the SSP allocates
+	 *	any memory required to hold some members, that memory should be
+	 *	freed using the function freeContextBuffer(). See the Windows
+	 *	API QueryContextAttributes for details.
+	 *
+	 * @return NULL for success, otherwise the error code returned by
+	 * Windows.
+	 */
+	SWIFTEN_API boost::shared_ptr<boost::system::error_code> queryContextAttributes(const PCtxtHandle contextHandle, ULONG attribute, PVOID buffer);
+
+}  |
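Review bot: `encryptMessage()` is documented as producing a header or trailer without encrypting, so its name promises confidentiality the wrapper does not provide; the doc comment should say so outright, for example `Output is integrity-protected only; the payload is not confidential.` Both it and `decryptMessage()` note that sequence numbers are not maintained, which presumably means replayed or reordered messages are not rejected at this layer, and that deserves a caller-facing sentence in each comment. The `contextSupported` description in `initializeSecurityContext()` should tell callers to compare the returned attributes against `contextRequested` once `haveCompleteContext` is true, since a context may complete without every requested attribute being granted. The second sentence of that function's description (`Kerberos security package that were established through a system logon.`) looks like a fragment copied from `acquireCredentialsHandle()` and should be removed.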