#ifndef INCLUDE_RCF_SSPIFILTER_HPP
#define INCLUDE_RCF_SSPIFILTER_HPP

// NOTE(review): this is a source-listing excerpt with lines missing between the
// visible ones (e.g. the #endif closing the SECURITY_WIN32 guard and the opening
// of the enclosing namespace are not shown); the comments below describe only
// what is visible.

#include <RCF/ByteBuffer.hpp>
#include <RCF/Filter.hpp>
#include <RCF/RecursionLimiter.hpp>
#include <RCF/Export.hpp>

// SECURITY_WIN32 must be defined before the Windows SSPI headers are pulled in;
// it selects the Win32 flavour of the security API declarations.
#ifndef SECURITY_WIN32
#define SECURITY_WIN32

// Readable role/flavour selectors, so call sites pass e.g. BoolServer instead of
// a bare true/false (see the `schannel` parameter of SspiServerFilter below).
static const bool BoolClient = false;
static const bool BoolServer = true;
static const bool BoolSchannel = true;

// String type used for user names, passwords and package lists in this header;
// RCF_T() literals below are presumably of the matching character width.
typedef RCF::tstring tstring;

// Shared-ownership handle to an SspiFilter (class declared further down).
typedef std::shared_ptr<SspiFilter> SspiFilterPtr;
// Members of a class whose header is not in this excerpt; the page's own tooltip
// for SspiFilter.hpp:58 describes it as the helper that lets the server side of
// an SSPI connection impersonate the client.
// Ends the impersonation and returns the calling thread to its own identity
// (presumably a thin wrapper over the SSPI revert call — confirm in the .cpp).
void revertToSelf() const;
// Filter whose security context the impersonation is taken from.
SspiFilterPtr mSspiFilterPtr;
// Context requirements the client-side filters request from SSPI; used as the
// default for the `contextRequirements` constructor parameter of
// NtlmClientFilter, KerberosClientFilter and NegotiateClientFilter below.
//   ISC_REQ_REPLAY_DETECT   - ask the package to detect replayed messages
//   ISC_REQ_SEQUENCE_DETECT - ask the package to detect out-of-order messages
//   ISC_REQ_CONFIDENTIALITY - ask for message encryption, not just signing
// The initializer continues on lines not shown in this excerpt, so the visible
// flags are not necessarily the complete set.
static const ULONG DefaultSspiContextRequirements =
    ISC_REQ_REPLAY_DETECT |
    ISC_REQ_SEQUENCE_DETECT |
    ISC_REQ_CONFIDENTIALITY |
// Schannel (TLS) counterparts are defined elsewhere; only forward-declared here
// so that SspiFilter can befriend the factory and the alias can be offered.
class SchannelClientFilter;
typedef SchannelClientFilter SchannelFilter;
class SchannelFilterFactory;
// Base class for the SSPI-backed transport filters (NTLM, Kerberos, Negotiate,
// and the Schannel flavour selected by mSchannel). It owns the SSPI credential
// handle and security context and protects outgoing / unprotects incoming data
// for the filter chain. Abstract: handleHandshakeEvent() is pure virtual and is
// supplied by SspiServerFilter and SspiClientFilter below.
// NOTE(review): this excerpt omits the class braces, access specifiers and a
// number of lines (constructor signatures, the first line of read()); only the
// visible declarations are annotated.
class RCF_EXPORT SspiFilter :
    public Filter

    // Raw SSPI context handle for the established session (what the
    // impersonation helper at line 58 presumably operates on).
    PCtxtHandle getSecurityContext() const;

    // Constructor parameter lists; the constructor names and any leading
    // parameters are on lines not included in this excerpt.
    const tstring & packageName,
    const tstring & packageList,

    ULONG contextRequirements,
    const tstring & packageName,
    const tstring & packageList,

    ULONG contextRequirements,
    const tstring & packageName,
    const tstring & packageList,

    // Explicit credentials for the authentication package. The password is held
    // in a plain tstring; nothing in this header shows it being scrubbed after
    // the credential handle is acquired — worth confirming in the .cpp.
    void setupCredentials(
        const tstring &userName,
        const tstring &password,
        const tstring &domain);
    void setupCredentialsSchannel();
    // All-empty defaults presumably mean "use the calling thread's logon
    // identity", SSPI's behaviour when no explicit auth data is supplied —
    // confirm in the .cpp.
    void acquireCredentials(
        const tstring &userName = RCF_T(""),
        const tstring &password = RCF_T(""),
        const tstring &domain = RCF_T(""));
    void freeCredentials();
    void freePackageInfo();

    // Tail of the read() declaration; its first line is not in this excerpt.
        std::size_t bytesRequested);
    void write(const std::vector<ByteBuffer> &byteBuffers);
    void onReadCompleted(const ByteBuffer &byteBuffer);
    void onWriteCompleted(std::size_t bytesTransferred);
    void handleEvent(Event event);

    // Message protection over the established context; the *Schannel variants
    // are the TLS code path. The bool returned on the decrypt side looks like a
    // "complete message available" flag — confirm against the implementation.
    void encryptWriteBuffer();
    bool decryptReadBuffer();
    void encryptWriteBufferSchannel();
    bool decryptReadBufferSchannel();

    // Framing helpers for partially transferred blocks.
    bool completeReadBlock();
    bool completeWriteBlock();
    bool completeBlock();
    void resizeReadBuffer(std::size_t newSize);
    void resizeWriteBuffer(std::size_t newSize);
    void shiftReadBuffer();
    void trimReadBuffer();

    // One handshake step; the client and server subclasses implement it.
    virtual void handleHandshakeEvent() = 0;

    // SSPI package selection: a single package name, and the package list that
    // Negotiate is allowed to choose from (see NegotiateFilterFactory's default).
    const tstring mPackageName;
    const tstring mPackageList;
    // ISC_REQ_* flags requested for the context (see DefaultSspiContextRequirements).
    ULONG mContextRequirements;

    bool mHaveCredentials;
    // Presumably set when credentials were acquired implicitly rather than via
    // setupCredentials() — confirm.
    bool mImplicitCredentials;
    CredHandle mCredentials;
    ContextState mContextState;

    std::size_t mBytesRequestedOrig;

    // Incoming data buffer plus the current position and length within it.
    ReallocBufferPtr mReadBufferVectorPtr;
    std::size_t mReadBufferPos;
    std::size_t mReadBufferLen;
    // Outgoing data buffer plus the current position and length within it.
    ReallocBufferPtr mWriteBufferVectorPtr;
    std::size_t mWriteBufferPos;
    std::size_t mWriteBufferLen;
    std::vector<ByteBuffer> mByteBuffers;

    // True for the Schannel (TLS) flavour, selecting the *Schannel() code paths.
    const bool mSchannel;
    // Upper bound for a single protected message; likely taken from the
    // package's size attributes once the context exists — confirm.
    std::size_t mMaxMessageLength;

    // Schannel-only settings. mEnabledProtocols is probably the TLS protocol
    // bitmask handed to Schannel, and mAutoCertValidation looks like the peer
    // name used for automatic certificate validation. Both deserve a check in
    // the .cpp: they decide which protocol versions are accepted and whether
    // the peer certificate is actually verified.
    DWORD mEnabledProtocols;
    tstring mAutoCertValidation;
    const std::size_t mReadAheadChunkSize;
    std::size_t mRemainingDataPos;
    std::vector<RCF::ByteBuffer> mMergeBufferList;
    std::vector<char> mMergeBuffer;
    bool mProtocolChecked;

    // Re-entrancy guard for the completion callbacks (see RecursionLimiter.hpp);
    // the underscore-suffixed methods are presumably the unguarded bodies that
    // onReadCompleted()/onWriteCompleted() dispatch to — confirm.
    bool mLimitRecursion;
    RecursionState<ByteBuffer, int> mRecursionStateRead;
    RecursionState<std::size_t, int> mRecursionStateWrite;
    void onReadCompleted_(const ByteBuffer &byteBuffer);
    void onWriteCompleted_(std::size_t bytesTransferred);

    // The Schannel factory gets access to the non-public members above.
    friend class SchannelFilterFactory;
// Server-side SSPI filter: accepts the client's handshake tokens. Braces, access
// specifiers and the constructor name are on lines missing from this excerpt.
class RCF_EXPORT SspiServerFilter :
    public SspiFilter

    // Constructor parameters (name not shown). `schannel` defaults to false,
    // i.e. a non-TLS package; callers presumably pass BoolSchannel for TLS.
    const tstring &packageName,
    const tstring &packageList,
    bool schannel = false);

    // TLS-specific handshake step; the return presumably signals completion.
    bool doHandshakeSchannel();
    // Implements the pure virtual in SspiFilter for the accepting side.
    void handleHandshakeEvent();
// Server filter for the NTLM package (braces/constructor not in this excerpt).
class NtlmServerFilter :
    public SspiServerFilter
    // Identifier used to match this filter with its client-side counterpart.
    int getFilterId() const;
// Server filter for the Kerberos package (braces not in this excerpt).
class KerberosServerFilter :
    public SspiServerFilter
    KerberosServerFilter();
    // Identifier used to match this filter with its client-side counterpart.
    int getFilterId() const;
// Server filter for the Negotiate package (braces not in this excerpt).
class NegotiateServerFilter :
    public SspiServerFilter
    // `packageList` restricts which underlying packages Negotiate may select;
    // see NegotiateFilterFactory for the default it is normally given.
    NegotiateServerFilter(const tstring &packageList);
    // Identifier used to match this filter with its client-side counterpart.
    int getFilterId() const;
// Creates NtlmServerFilter instances for an RcfServer (braces not in excerpt).
class RCF_EXPORT NtlmFilterFactory :
    public FilterFactory
    FilterPtr createFilter(RcfServer & server);
// Creates KerberosServerFilter instances for an RcfServer (braces not in excerpt).
// NOTE(review): unlike NtlmFilterFactory this class carries no RCF_EXPORT; if it
// is meant to be instantiated from outside the library binary it needs the
// export macro as well — confirm whether the omission is intentional.
class KerberosFilterFactory :
    public FilterFactory
    FilterPtr createFilter(RcfServer & server);
// Creates NegotiateServerFilter instances for an RcfServer (braces not in excerpt).
class NegotiateFilterFactory :
    public FilterFactory
    // Default package list offered to Negotiate. Listing NTLM after Kerberos
    // allows a fallback to NTLM when Kerberos cannot be used; deployments that
    // want Kerberos only can pass a narrower list here.
    NegotiateFilterFactory(const tstring &packageList = RCF_T("Kerberos, NTLM"));
    FilterPtr createFilter(RcfServer & server);
    // Package list handed to each filter created by this factory.
    tstring mPackageList;
// Client-side SSPI filter: initiates the handshake. Braces, access specifiers
// and the constructor names are on lines missing from this excerpt.
class SspiClientFilter :
    public SspiFilter

    // Constructor parameters; the `:` starts a member-initializer list whose
    // body is not shown.
    ULONG contextRequirements,
    const tstring & packageName,
    const tstring & packageList) :

    // Parameters of a second constructor (name and remainder not shown).
    ULONG contextRequirements,
    const tstring & packageName,
    const tstring & packageList,

    // TLS-specific handshake step; the return presumably signals completion.
    bool doHandshakeSchannel();
    // Implements the pure virtual in SspiFilter for the initiating side.
    void handleHandshakeEvent();
// Client filter for the NTLM package (braces and constructor name not shown).
class NtlmClientFilter :
    public SspiClientFilter
    // Last constructor parameter; defaults to the ISC_REQ_* set above.
    ULONG contextRequirements
        = DefaultSspiContextRequirements);
    // Identifier used to match this filter with its server-side counterpart.
    int getFilterId() const;
// Client filter for the Kerberos package (braces not shown; constructor
// parameters before `contextRequirements` are on omitted lines).
class KerberosClientFilter :
    public SspiClientFilter
    KerberosClientFilter(
    // Last constructor parameter; defaults to the ISC_REQ_* set above.
    ULONG contextRequirements
        = DefaultSspiContextRequirements);
    // Identifier used to match this filter with its server-side counterpart.
    int getFilterId() const;
// Client filter for the Negotiate package (braces not shown; constructor
// parameters before `contextRequirements` are on omitted lines).
class NegotiateClientFilter :
    public SspiClientFilter
    NegotiateClientFilter(
    // Last constructor parameter; defaults to the ISC_REQ_* set above.
    ULONG contextRequirements
        = DefaultSspiContextRequirements);
    // Identifier used to match this filter with its server-side counterpart.
    int getFilterId() const;
// Short aliases: the unqualified *Filter names refer to the client-side filters.
typedef NtlmClientFilter NtlmFilter;
typedef KerberosClientFilter KerberosFilter;
typedef NegotiateClientFilter NegotiateFilter;

// Sspi-prefixed aliases for every filter, server filter and factory above
// (presumably kept for source compatibility with older names).
typedef NtlmFilter SspiNtlmFilter;
typedef KerberosFilter SspiKerberosFilter;
typedef NegotiateFilter SspiNegotiateFilter;
typedef NtlmServerFilter SspiNtlmServerFilter;
typedef KerberosServerFilter SspiKerberosServerFilter;
typedef NegotiateServerFilter SspiNegotiateServerFilter;
typedef NtlmFilterFactory SspiNtlmFilterFactory;
typedef KerberosFilterFactory SspiKerberosFilterFactory;
typedef NegotiateFilterFactory SspiNegotiateFilterFactory;
typedef NtlmClientFilter SspiNtlmClientFilter;
typedef KerberosClientFilter SspiKerberosClientFilter;
typedef NegotiateClientFilter SspiNegotiateClientFilter;
typedef SspiFilter SspiFilterBase;
typedef SspiFilterPtr SspiFilterBasePtr;

#endif // ! INCLUDE_RCF_SSPIFILTER_HPP