#ifndef INCLUDE_RCF_SSPIFILTER_HPP
#define INCLUDE_RCF_SSPIFILTER_HPP

#include <RCF/ByteBuffer.hpp>
#include <RCF/Filter.hpp>
#include <RCF/RecursionLimiter.hpp>
#include <RCF/Export.hpp>

// SECURITY_WIN32 has to be defined before the SSPI headers are pulled in so
// the user-mode prototypes are selected. The matching #endif and the Windows
// includes that follow it are on lines this listing does not show.
#ifndef SECURITY_WIN32
#define SECURITY_WIN32

// Named tag values for the two ends of an SSPI connection and for the
// Schannel (TLS) variant. Which constructors consume them is not visible here.
static constexpr bool BoolClient = false;
static constexpr bool BoolServer = true;
static constexpr bool BoolSchannel = true;
// Local spelling of the library's string type (narrow or wide depending on build).
using tstring = RCF::tstring;

// Shared ownership handle for an SspiFilter; the forward declaration of
// SspiFilter itself sits on a line this listing omits.
using SspiFilterPtr = std::shared_ptr<SspiFilter>;
/// Member of the impersonation helper declared at line 58 of this header (its
/// class header is not part of this listing). Ends an impersonation begun
/// earlier; presumably wraps the Win32 RevertToSelf path — confirm in the .cpp.
/// Declared const, so it does not change the helper's own state.
72 void revertToSelf()
const;
/// Presumably the filter whose authenticated client context is impersonated;
/// held by shared ownership so the context outlives the caller's filter handle.
75 SspiFilterPtr mSspiFilterPtr;
/// Default ISC_REQ_* requirements passed into the SSPI context handshake:
/// replay detection, sequence (reordering) detection and confidentiality.
/// The flag list continues on a line this listing omits (note the trailing '|').
/// These are requests to the package; what was actually granted is reported by
/// the handshake itself and is not checked in this header.
78 static const ULONG DefaultSspiContextRequirements =
79 ISC_REQ_REPLAY_DETECT |
80 ISC_REQ_SEQUENCE_DETECT |
81 ISC_REQ_CONFIDENTIALITY |
// Forward declarations for the Schannel (TLS) client filter and its factory;
// SchannelFilter is the short name used for the client-side type.
class SchannelClientFilter;
class SchannelFilterFactory;
using SchannelFilter = SchannelClientFilter;
94 class RCF_EXPORT SspiFilter :
public Filter
/// SSPI quality-of-protection level applied to messages. Only the None and
/// Encryption enumerators are visible on this page (they appear as constructor
/// defaults further down); the enumerator list is on lines not shown.
100 enum QualityOfProtection
/// Protection level this filter was configured with.
107 QualityOfProtection getQop();
/// Raw SSPI context handle. PCtxtHandle is a pointer type, so the result is
/// presumably a view into state owned by this filter and must not outlive it —
/// confirm in the .cpp. NOTE(review): a const accessor handing out a mutable
/// handle pointer deserves a check that callers do not alter the context.
113 PCtxtHandle getSecurityContext()
const;
121 const tstring & packageName,
122 const tstring & packageList,
128 QualityOfProtection qop,
129 ULONG contextRequirements,
130 const tstring & packageName,
131 const tstring & packageList,
137 QualityOfProtection qop,
138 ULONG contextRequirements,
139 const tstring & packageName,
140 const tstring & packageList,
/// Credential management. This overload takes an explicit user/password/domain
/// triple; the password arrives as a plain string and nothing in this header
/// scrubs it after use — the .cpp decides its lifetime.
166 void setupCredentials(
167 const tstring &userName,
168 const tstring &password,
169 const tstring &domain);
/// Credential setup for the Schannel (TLS) variant; certificate handling, if
/// any, is not visible in this header.
171 void setupCredentialsSchannel();
/// All three arguments default to empty strings. What an empty triple selects
/// (presumably the calling process's own logon identity) is decided in the
/// .cpp — verify before relying on it in a service that runs as a privileged
/// account.
173 void acquireCredentials(
174 const tstring &userName = RCF_T(
""),
175 const tstring &password = RCF_T(
""),
176 const tstring &domain = RCF_T(
""));
/// Releases whatever acquireCredentials()/setupCredentials() obtained.
178 void freeCredentials();
186 std::size_t bytesRequested);
/// Filter-chain entry points; presumably overrides of the Filter interface
/// this class derives from (Filter.hpp is not part of this listing).
188 void write(
const std::vector<ByteBuffer> &byteBuffers);
190 void onReadCompleted(
const ByteBuffer &byteBuffer);
191 void onWriteCompleted(std::size_t bytesTransferred);
193 void handleEvent(Event event);
/// Message protection helpers. Judging by the names, the plain pair serves
/// the NTLM/Kerberos/Negotiate packages and the *Schannel pair the TLS case;
/// the bool returns presumably report whether a whole message was available —
/// confirm in the .cpp.
197 void encryptWriteBuffer();
198 bool decryptReadBuffer();
200 void encryptWriteBufferSchannel();
201 bool decryptReadBufferSchannel();
/// Framing bookkeeping for the staged read/write buffers declared below.
203 bool completeReadBlock();
204 bool completeWriteBlock();
205 bool completeBlock();
207 void resizeReadBuffer(std::size_t newSize);
208 void resizeWriteBuffer(std::size_t newSize);
210 void shiftReadBuffer();
211 void trimReadBuffer();
/// Handshake step supplied by the subclasses: SspiServerFilter and
/// SspiClientFilter (below) each declare their own handleHandshakeEvent().
213 virtual void handleHandshakeEvent() = 0;
/// Per-filter configuration; the package name/list are fixed at construction.
219 const tstring mPackageName;
220 const tstring mPackageList;
221 QualityOfProtection mQop;
222 ULONG mContextRequirements;
/// SSPI credential state. Presumably mHaveCredentials says whether
/// mCredentials is live and mImplicitCredentials whether it was acquired
/// without an explicit user/password — confirm in the .cpp.
225 bool mHaveCredentials;
226 bool mImplicitCredentials;
229 CredHandle mCredentials;
231 ContextState mContextState;
/// Read side: the caller's original request size, the staging buffer and
/// (presumably) a position/length window into it.
239 std::size_t mBytesRequestedOrig;
242 ReallocBufferPtr mReadBufferVectorPtr;
244 std::size_t mReadBufferPos;
245 std::size_t mReadBufferLen;
/// Write side, same layout.
248 ReallocBufferPtr mWriteBufferVectorPtr;
250 std::size_t mWriteBufferPos;
251 std::size_t mWriteBufferLen;
253 std::vector<ByteBuffer> mByteBuffers;
/// True for the Schannel (TLS) variant; fixed at construction.
256 const bool mSchannel;
258 std::size_t mMaxMessageLength;
/// Presumably Schannel-specific: an enabled-protocol bitmask and a string
/// controlling automatic certificate validation. The accepted values and the
/// default are not visible in this header — verify that peer certificates are
/// actually validated in your configuration before deploying.
264 DWORD mEnabledProtocols;
265 tstring mAutoCertValidation;
266 const std::size_t mReadAheadChunkSize;
267 std::size_t mRemainingDataPos;
269 std::vector<RCF::ByteBuffer> mMergeBufferList;
270 std::vector<char> mMergeBuffer;
272 bool mProtocolChecked;
/// Recursion limiting for re-entrant completion handlers (see RecursionLimiter.hpp).
275 bool mLimitRecursion;
276 RecursionState<ByteBuffer, int> mRecursionStateRead;
277 RecursionState<std::size_t, int> mRecursionStateWrite;
/// Inner implementations of the completion handlers; presumably invoked from
/// the public onReadCompleted()/onWriteCompleted() under the recursion
/// limiter — confirm in the .cpp.
279 void onReadCompleted_(
const ByteBuffer &byteBuffer);
280 void onWriteCompleted_(std::size_t bytesTransferred);
/// The Schannel factory needs access to non-public parts of the filter.
282 friend class SchannelFilterFactory;
287 class RCF_EXPORT SspiServerFilter :
public SspiFilter
291 const tstring &packageName,
292 const tstring &packageList,
293 bool schannel =
false);
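/// Server-side half of the Schannel (TLS) handshake. The meaning of the bool
/// return is decided in the .cpp and is not visible here.
bool doHandshakeSchannel();

/// Server-side implementation of SspiFilter::handleHandshakeEvent(), which is
/// pure virtual in the base. Marked override so a signature drift in either
/// class becomes a compile error instead of a silent non-override.
void handleHandshakeEvent() override;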
301 class NtlmServerFilter :
public SspiServerFilter
/// Numeric id of the NTLM server filter; the value is defined outside this header.
305 int getFilterId()
const;
308 class KerberosServerFilter :
public SspiServerFilter
/// Server-side Kerberos filter; takes no package list, unlike the Negotiate variant.
311 KerberosServerFilter();
/// Numeric id of the Kerberos server filter; the value is defined outside this header.
312 int getFilterId()
const;
315 class NegotiateServerFilter :
public SspiServerFilter
/// Server-side Negotiate filter. The package list is presumably the set of
/// packages Negotiate may pick from; what an empty list means is decided in the .cpp.
318 NegotiateServerFilter(
const tstring &packageList);
/// Numeric id of the Negotiate server filter; the value is defined outside this header.
319 int getFilterId()
const;
324 class RCF_EXPORT NtlmFilterFactory :
public FilterFactory
/// Builds a fresh NTLM server filter for the given server; presumably the
/// FilterFactory hook (FilterFactory's declaration is not in this listing).
327 FilterPtr createFilter(
RcfServer & server);
331 class KerberosFilterFactory :
public FilterFactory
/// Builds a fresh Kerberos server filter for the given server; presumably the
/// FilterFactory hook (FilterFactory's declaration is not in this listing).
334 FilterPtr createFilter(
RcfServer & server);
338 class NegotiateFilterFactory :
public FilterFactory
/// The default package list includes NTLM, so a Negotiate session can settle on
/// NTLM when Kerberos is not available (if the list is forwarded to the
/// Negotiate package as its package list — confirm in the .cpp). Deployments
/// that require Kerberos only should pass an explicit list without NTLM.
341 NegotiateFilterFactory(
const tstring &packageList = RCF_T(
"Kerberos, NTLM"));
/// Builds a fresh Negotiate server filter carrying mPackageList.
342 FilterPtr createFilter(
RcfServer & server);
/// Package list handed to each NegotiateServerFilter this factory creates.
345 tstring mPackageList;
350 class SspiClientFilter :
public SspiFilter
355 QualityOfProtection qop,
356 ULONG contextRequirements,
357 const tstring & packageName,
358 const tstring & packageList) :
370 QualityOfProtection qop,
371 ULONG contextRequirements,
372 const tstring & packageName,
373 const tstring & packageList,
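/// Client-side half of the Schannel (TLS) handshake. The meaning of the bool
/// return is decided in the .cpp and is not visible here.
bool doHandshakeSchannel();

/// Client-side implementation of SspiFilter::handleHandshakeEvent(), which is
/// pure virtual in the base. Marked override so a signature drift in either
/// class becomes a compile error instead of a silent non-override.
void handleHandshakeEvent() override;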
391 class NtlmClientFilter :
public SspiClientFilter
396 QualityOfProtection qop = SspiFilter::Encryption, // NTLM client default: message confidentiality requested (the leading parameter is on a line not shown)
397 ULONG contextRequirements // see DefaultSspiContextRequirements above; the interplay with qop is decided in the .cpp
398 = DefaultSspiContextRequirements);
/// Numeric id of the NTLM client filter; the value is defined outside this header.
400 int getFilterId()
const;
403 class KerberosClientFilter :
public SspiClientFilter
/// Client-side Kerberos filter. Its first parameter is on a line this listing
/// omits; the defaults below request message confidentiality and the standard
/// context requirements.
406 KerberosClientFilter(
408 QualityOfProtection qop = SspiFilter::Encryption,
409 ULONG contextRequirements
410 = DefaultSspiContextRequirements);
/// Numeric id of the Kerberos client filter; the value is defined outside this header.
412 int getFilterId()
const;
415 class NegotiateClientFilter :
public SspiClientFilter
/// Client-side Negotiate filter. Its first parameter is on a line this listing
/// omits. Unlike NtlmClientFilter and KerberosClientFilter (both default to
/// SspiFilter::Encryption), the default qop here is SspiFilter::None, i.e. no
/// message protection is requested unless the caller passes Encryption
/// explicitly. How qop combines with the ISC_REQ_CONFIDENTIALITY bit in
/// contextRequirements is decided in the .cpp — confirm before relying on it.
418 NegotiateClientFilter(
420 QualityOfProtection qop = SspiFilter::None,
421 ULONG contextRequirements
422 = DefaultSspiContextRequirements);
/// Numeric id of the Negotiate client filter; the value is defined outside this header.
425 int getFilterId()
const;
// Short names: the unqualified *Filter names denote the client-side filters.
using NtlmFilter = NtlmClientFilter;
using KerberosFilter = KerberosClientFilter;
using NegotiateFilter = NegotiateClientFilter;

// Sspi-prefixed spellings of the same types (presumably retained so older
// code keeps compiling; the comment that introduces them is not in this listing).
using SspiNtlmFilter = NtlmFilter;
using SspiKerberosFilter = KerberosFilter;
using SspiNegotiateFilter = NegotiateFilter;

using SspiNtlmServerFilter = NtlmServerFilter;
using SspiKerberosServerFilter = KerberosServerFilter;
using SspiNegotiateServerFilter = NegotiateServerFilter;

using SspiNtlmFilterFactory = NtlmFilterFactory;
using SspiKerberosFilterFactory = KerberosFilterFactory;
using SspiNegotiateFilterFactory = NegotiateFilterFactory;

using SspiNtlmClientFilter = NtlmClientFilter;
using SspiKerberosClientFilter = KerberosClientFilter;
using SspiNegotiateClientFilter = NegotiateClientFilter;

using SspiFilterBase = SspiFilter;
using SspiFilterBasePtr = SspiFilterPtr;
453 #endif // ! INCLUDE_RCF_SSPIFILTER_HPP
Allows the server side of a SSPI-based connection to impersonate the client. Only applicable to conne...
Represents a server-side session, associated with a client connection.
Controls the client side of an RCF connection.
std::shared_ptr< Win32Certificate > Win32CertificatePtr
Reference counted wrapper for RCF::Win32Certificate.
std::function< bool(Certificate *)> CertificateValidationCallback
Describes user-provided callback functions for validating a certificate.
RCF_EXPORT bool deinit()
Reference-counted deinitialization of RCF library. For actual deinitialization to take place...
Represents an in-memory certificate, either from a remote peer or loaded from a local certificate sto...
Provides RCF server-side functionality.
Base class for all RCF certificate classes.
RCF_EXPORT bool init(RcfConfigT *=nullptr)
Reference-counted initialization of RCF library. May be called multiple times (see deinit())...