[pywin32-checkins] pywin32/win32/Lib sspi.py,NONE,1.1 sspicon.py,NONE,1.1
From: Mark H. <mha...@us...> - 2005-03-06 23:27:12
Update of /cvsroot/pywin32/pywin32/win32/Lib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25147/Lib Added Files: sspi.py sspicon.py Log Message: Some excellent sspi additions to win32security, and a number of tests and demos, originally from Roger Upole. --- NEW FILE: sspi.py --- """ Helper classes for SSPI authentication via the win32security module. SSPI authentication involves a token-exchange "dance", the exact details of which depends on the authentication provider used. There are also a number of complex flags and constants that need to be used - in most cases, there are reasonable defaults. These classes attempt to hide these details from you until you really need to know. """ # Based on Roger Upole's sspi demos. # $Id: sspi.py,v 1.1 2005/03/06 23:27:00 mhammond Exp $ import win32security, sspicon try: True, False except NameError: False = 1==0 True = not False class _BaseAuth(object): def __init__(self): self.reset() def reset(self): self.ctxt = None self.authenticated = False def encrypt(self, data): """Encrypt a string, returning a string suitable for transmission""" pkg_size_info=self.ctxt.QueryContextAttributes(sspicon.SECPKG_ATTR_SIZES) trailersize=pkg_size_info['SecurityTrailer'] encbuf=win32security.SecBufferDescType() encbuf.append(win32security.SecBufferType(len(data), sspicon.SECBUFFER_DATA)) encbuf.append(win32security.SecBufferType(trailersize, sspicon.SECBUFFER_TOKEN)) encbuf[0].Buffer=data self.ctxt.EncryptMessage(0,encbuf,1) # And return all buffers as a string return "".join([b.Buffer for b in encbuf]) def decrypt(self, data): """Decrypt a previously encrypted string, returning the orignal data""" pkg_size_info=self.ctxt.QueryContextAttributes(sspicon.SECPKG_ATTR_SIZES) trailersize=pkg_size_info['SecurityTrailer'] msgsize = len(data)-trailersize assert msgsize >= 0, "trailer is %d bytes, but data only %d long" \ % (trailersize, len(data)) encbuf=win32security.SecBufferDescType() encbuf.append(win32security.SecBufferType(msgsize, 
sspicon.SECBUFFER_DATA)) encbuf.append(win32security.SecBufferType(trailersize, sspicon.SECBUFFER_TOKEN)) encbuf[0].Buffer=data[:msgsize] encbuf[1].Buffer=data[msgsize:] self.ctxt.DecryptMessage(encbuf,1) return encbuf[0].Buffer def sign(self, data): """sign a string suitable for transmission. """ pkg_size_info=self.ctxt.QueryContextAttributes(sspicon.SECPKG_ATTR_SIZES) sigsize=pkg_size_info['MaxSignature'] sigbuf=win32security.SecBufferDescType() sigbuf.append(win32security.SecBufferType(len(data), sspicon.SECBUFFER_DATA)) sigbuf.append(win32security.SecBufferType(sigsize, sspicon.SECBUFFER_TOKEN)) sigbuf[0].Buffer=data self.ctxt.MakeSignature(0,sigbuf,1) # And return all buffers as a string return "".join([b.Buffer for b in sigbuf]) def unsign(self, data): """Takes a message as a 'signed' string, verifies the signature and returns the original data""" pkg_size_info=self.ctxt.QueryContextAttributes(sspicon.SECPKG_ATTR_SIZES) sigsize=pkg_size_info['MaxSignature'] msgsize = len(data)-sigsize assert msgsize >= 0, "signature is %d bytes, but data only %d long" \ % (sigsize, len(data)) sigbuf=win32security.SecBufferDescType() sigbuf.append(win32security.SecBufferType(msgsize, sspicon.SECBUFFER_DATA)) sigbuf.append(win32security.SecBufferType(sigsize, sspicon.SECBUFFER_TOKEN)) sigbuf[0].Buffer=data[:msgsize] sigbuf[1].Buffer=data[msgsize:] self.ctxt.VerifySignature(sigbuf,1) return sigbuf[0].Buffer class ClientAuth(_BaseAuth): """Manages the client side of an SSPI authentication handshake """ def __init__(self, pkg_name, # Name of the package to used. client_name = None, # User for whom credentials are used. auth_info = None, # or a tuple of (username, domain, password) targetspn = None, # Target security context provider name. 
scflags=None, # security context flags datarep=sspicon.SECURITY_NETWORK_DREP): if scflags is None: scflags = sspicon.ISC_REQ_INTEGRITY|sspicon.ISC_REQ_SEQUENCE_DETECT|\ sspicon.ISC_REQ_REPLAY_DETECT|sspicon.ISC_REQ_CONFIDENTIALITY self.scflags=scflags self.datarep=datarep self.targetspn=targetspn self.pkg_info=win32security.QuerySecurityPackageInfo(pkg_name) self.credentials, \ self.credentials_expiry=win32security.AcquireCredentialsHandle( client_name, self.pkg_info['Name'], sspicon.SECPKG_CRED_OUTBOUND, None, auth_info) _BaseAuth.__init__(self) # Perform *one* step of the client authentication process. def authorize(self, sec_buffer_in): if sec_buffer_in is not None and type(sec_buffer_in) != win32security.SecBufferDescType: # User passed us the raw data - wrap it into a SecBufferDesc sec_buffer_new=win32security.SecBufferDescType() tokenbuf=win32security.SecBufferType(self.pkg_info['MaxToken'], sspicon.SECBUFFER_TOKEN) tokenbuf.Buffer=sec_buffer_in sec_buffer_new.append(tokenbuf) sec_buffer_in = sec_buffer_new sec_buffer_out=win32security.SecBufferDescType() tokenbuf=win32security.SecBufferType(self.pkg_info['MaxToken'], sspicon.SECBUFFER_TOKEN) sec_buffer_out.append(tokenbuf) ## input context handle should be NULL on first call ctxtin=self.ctxt if self.ctxt is None: self.ctxt=win32security.CtxtHandleType() err, attr, exp=win32security.InitializeSecurityContext( self.credentials, ctxtin, self.targetspn, self.scflags, self.datarep, sec_buffer_in, self.ctxt, sec_buffer_out) # Stash these away incase someone needs to know the state from the # final call. 
self.ctxt_attr = attr self.ctxt_expiry = exp if err in (sspicon.SEC_I_COMPLETE_NEEDED,sspicon.SEC_I_COMPLETE_AND_CONTINUE): self.ctxt.CompleteAuthToken(sec_buffer_out) self.authenticated = err == 0 return err, sec_buffer_out class ServerAuth(_BaseAuth): """Manages the server side of an SSPI authentication handshake """ def __init__(self, pkg_name, spn = None, scflags=None, datarep=sspicon.SECURITY_NETWORK_DREP): self.spn=spn self.datarep=datarep if scflags is None: scflags = sspicon.ASC_REQ_INTEGRITY|sspicon.ASC_REQ_SEQUENCE_DETECT|\ sspicon.ASC_REQ_REPLAY_DETECT|sspicon.ASC_REQ_CONFIDENTIALITY # Should we default to sspicon.KerbAddExtraCredentialsMessage # if pkg_name=='Kerberos'? self.scflags=scflags self.pkg_info=win32security.QuerySecurityPackageInfo(pkg_name) self.credentials, \ self.credentials_expiry=win32security.AcquireCredentialsHandle(spn, self.pkg_info['Name'], sspicon.SECPKG_CRED_INBOUND, None, None) _BaseAuth.__init__(self) # Perform *one* step of the server authentication process. def authorize(self, sec_buffer_in): if sec_buffer_in is not None and type(sec_buffer_in) != win32security.SecBufferDescType: # User passed us the raw data - wrap it into a SecBufferDesc sec_buffer_new=win32security.SecBufferDescType() tokenbuf=win32security.SecBufferType(self.pkg_info['MaxToken'], sspicon.SECBUFFER_TOKEN) tokenbuf.Buffer=sec_buffer_in sec_buffer_new.append(tokenbuf) sec_buffer_in = sec_buffer_new sec_buffer_out=win32security.SecBufferDescType() tokenbuf=win32security.SecBufferType(self.pkg_info['MaxToken'], sspicon.SECBUFFER_TOKEN) sec_buffer_out.append(tokenbuf) ## input context handle is None initially, then handle returned from last call thereafter ctxtin=self.ctxt if self.ctxt is None: self.ctxt=win32security.CtxtHandleType() err, attr, exp = win32security.AcceptSecurityContext(self.credentials, ctxtin, sec_buffer_in, self.scflags, self.datarep, self.ctxt, sec_buffer_out) # Stash these away incase someone needs to know the state from the # final call. 
self.ctxt_attr = attr self.ctxt_expiry = exp if err in (sspicon.SEC_I_COMPLETE_NEEDED,sspicon.SEC_I_COMPLETE_AND_CONTINUE): self.ctxt.CompleteAuthToken(sec_buffer_out) self.authenticated = err == 0 return err, sec_buffer_out if __name__=='__main__': # Setup the 2 contexts. sspiclient=ClientAuth("NTLM") sspiserver=ServerAuth("NTLM") # Perform the authentication dance, each loop exchanging more information # on the way to completing authentication. sec_buffer=None while 1: err, sec_buffer = sspiclient.authorize(sec_buffer) err, sec_buffer = sspiserver.authorize(sec_buffer) if err==0: break assert sspiserver.unsign(sspiclient.sign("hello")) == "hello" assert sspiserver.decrypt(sspiclient.encrypt("hello")) == "hello" print "cool!" --- NEW FILE: sspicon.py --- # Generated by h2py from c:\microsoft sdk\include\sspi.h ISSP_LEVEL = 32 ISSP_MODE = 1 ISSP_LEVEL = 32 ISSP_MODE = 0 ISSP_LEVEL = 32 ISSP_MODE = 1 def SEC_SUCCESS(Status): return ((Status) >= 0) SECPKG_FLAG_INTEGRITY = 0x00000001 SECPKG_FLAG_PRIVACY = 0x00000002 SECPKG_FLAG_TOKEN_ONLY = 0x00000004 SECPKG_FLAG_DATAGRAM = 0x00000008 SECPKG_FLAG_CONNECTION = 0x00000010 SECPKG_FLAG_MULTI_REQUIRED = 0x00000020 SECPKG_FLAG_CLIENT_ONLY = 0x00000040 SECPKG_FLAG_EXTENDED_ERROR = 0x00000080 SECPKG_FLAG_IMPERSONATION = 0x00000100 SECPKG_FLAG_ACCEPT_WIN32_NAME = 0x00000200 SECPKG_FLAG_STREAM = 0x00000400 SECPKG_FLAG_NEGOTIABLE = 0x00000800 SECPKG_FLAG_GSS_COMPATIBLE = 0x00001000 SECPKG_FLAG_LOGON = 0x00002000 SECPKG_FLAG_ASCII_BUFFERS = 0x00004000 SECPKG_FLAG_FRAGMENT = 0x00008000 SECPKG_FLAG_MUTUAL_AUTH = 0x00010000 SECPKG_FLAG_DELEGATION = 0x00020000 SECPKG_FLAG_READONLY_WITH_CHECKSUM = 0x00040000 SECPKG_ID_NONE = 0xFFFF SECBUFFER_VERSION = 0 SECBUFFER_EMPTY = 0 SECBUFFER_DATA = 1 SECBUFFER_TOKEN = 2 SECBUFFER_PKG_PARAMS = 3 SECBUFFER_MISSING = 4 SECBUFFER_EXTRA = 5 SECBUFFER_STREAM_TRAILER = 6 SECBUFFER_STREAM_HEADER = 7 SECBUFFER_NEGOTIATION_INFO = 8 SECBUFFER_PADDING = 9 SECBUFFER_STREAM = 10 SECBUFFER_MECHLIST = 11 
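Review bot: In sspi.py, `decrypt` and `unsign` check the length of peer-supplied data with `assert msgsize >= 0`, which is compiled out under `python -O`, so a too-short message would then reach `SecBufferType(msgsize, ...)` and the `data[:msgsize]` slice with a negative size. An explicit check such as `if msgsize < 0: raise ValueError("trailer is %d bytes, but data only %d long" % (trailersize, len(data)))` (and the matching one for `sigsize`) keeps the rejection in every mode. Both methods also split the input at `len(data)-trailersize` / `len(data)-sigsize`, which presumably only works if the token buffer filled by `EncryptMessage` / `MakeSignature` is always exactly `SecurityTrailer` / `MaxSignature` bytes long; that is not visible here and is worth confirming and stating in the docstrings. Separately, both `authorize` methods store `ctxt_attr` but nothing compares it with the requested `scflags`, so a comment telling callers to check the `ISC_RET_*` / `ASC_RET_*` integrity and confidentiality bits before relying on `sign` or `encrypt` would help.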
SECBUFFER_MECHLIST_SIGNATURE = 12 SECBUFFER_TARGET = 13 SECBUFFER_CHANNEL_BINDINGS = 14 SECBUFFER_ATTRMASK = (-268435456) SECBUFFER_READONLY = (-2147483648) SECBUFFER_READONLY_WITH_CHECKSUM = 0x10000000 SECBUFFER_RESERVED = 0x60000000 SECURITY_NATIVE_DREP = 0x00000010 SECURITY_NETWORK_DREP = 0x00000000 SECPKG_CRED_INBOUND = 0x00000001 SECPKG_CRED_OUTBOUND = 0x00000002 SECPKG_CRED_BOTH = 0x00000003 SECPKG_CRED_DEFAULT = 0x00000004 SECPKG_CRED_RESERVED = -268435456 ISC_REQ_DELEGATE = 0x00000001 ISC_REQ_MUTUAL_AUTH = 0x00000002 ISC_REQ_REPLAY_DETECT = 0x00000004 ISC_REQ_SEQUENCE_DETECT = 0x00000008 ISC_REQ_CONFIDENTIALITY = 0x00000010 ISC_REQ_USE_SESSION_KEY = 0x00000020 ISC_REQ_PROMPT_FOR_CREDS = 0x00000040 ISC_REQ_USE_SUPPLIED_CREDS = 0x00000080 ISC_REQ_ALLOCATE_MEMORY = 0x00000100 ISC_REQ_USE_DCE_STYLE = 0x00000200 ISC_REQ_DATAGRAM = 0x00000400 ISC_REQ_CONNECTION = 0x00000800 ISC_REQ_CALL_LEVEL = 0x00001000 ISC_REQ_FRAGMENT_SUPPLIED = 0x00002000 ISC_REQ_EXTENDED_ERROR = 0x00004000 ISC_REQ_STREAM = 0x00008000 ISC_REQ_INTEGRITY = 0x00010000 ISC_REQ_IDENTIFY = 0x00020000 ISC_REQ_NULL_SESSION = 0x00040000 ISC_REQ_MANUAL_CRED_VALIDATION = 0x00080000 ISC_REQ_RESERVED1 = 0x00100000 ISC_REQ_FRAGMENT_TO_FIT = 0x00200000 ISC_RET_DELEGATE = 0x00000001 ISC_RET_MUTUAL_AUTH = 0x00000002 ISC_RET_REPLAY_DETECT = 0x00000004 ISC_RET_SEQUENCE_DETECT = 0x00000008 ISC_RET_CONFIDENTIALITY = 0x00000010 ISC_RET_USE_SESSION_KEY = 0x00000020 ISC_RET_USED_COLLECTED_CREDS = 0x00000040 ISC_RET_USED_SUPPLIED_CREDS = 0x00000080 ISC_RET_ALLOCATED_MEMORY = 0x00000100 ISC_RET_USED_DCE_STYLE = 0x00000200 ISC_RET_DATAGRAM = 0x00000400 ISC_RET_CONNECTION = 0x00000800 ISC_RET_INTERMEDIATE_RETURN = 0x00001000 ISC_RET_CALL_LEVEL = 0x00002000 ISC_RET_EXTENDED_ERROR = 0x00004000 ISC_RET_STREAM = 0x00008000 ISC_RET_INTEGRITY = 0x00010000 ISC_RET_IDENTIFY = 0x00020000 ISC_RET_NULL_SESSION = 0x00040000 ISC_RET_MANUAL_CRED_VALIDATION = 0x00080000 ISC_RET_RESERVED1 = 0x00100000 ISC_RET_FRAGMENT_ONLY = 
0x00200000 ASC_REQ_DELEGATE = 0x00000001 ASC_REQ_MUTUAL_AUTH = 0x00000002 ASC_REQ_REPLAY_DETECT = 0x00000004 ASC_REQ_SEQUENCE_DETECT = 0x00000008 ASC_REQ_CONFIDENTIALITY = 0x00000010 ASC_REQ_USE_SESSION_KEY = 0x00000020 ASC_REQ_ALLOCATE_MEMORY = 0x00000100 ASC_REQ_USE_DCE_STYLE = 0x00000200 ASC_REQ_DATAGRAM = 0x00000400 ASC_REQ_CONNECTION = 0x00000800 ASC_REQ_CALL_LEVEL = 0x00001000 ASC_REQ_EXTENDED_ERROR = 0x00008000 ASC_REQ_STREAM = 0x00010000 ASC_REQ_INTEGRITY = 0x00020000 ASC_REQ_LICENSING = 0x00040000 ASC_REQ_IDENTIFY = 0x00080000 ASC_REQ_ALLOW_NULL_SESSION = 0x00100000 ASC_REQ_ALLOW_NON_USER_LOGONS = 0x00200000 ASC_REQ_ALLOW_CONTEXT_REPLAY = 0x00400000 ASC_REQ_FRAGMENT_TO_FIT = 0x00800000 ASC_REQ_FRAGMENT_SUPPLIED = 0x00002000 ASC_REQ_NO_TOKEN = 0x01000000 ASC_RET_DELEGATE = 0x00000001 ASC_RET_MUTUAL_AUTH = 0x00000002 ASC_RET_REPLAY_DETECT = 0x00000004 ASC_RET_SEQUENCE_DETECT = 0x00000008 ASC_RET_CONFIDENTIALITY = 0x00000010 ASC_RET_USE_SESSION_KEY = 0x00000020 ASC_RET_ALLOCATED_MEMORY = 0x00000100 ASC_RET_USED_DCE_STYLE = 0x00000200 ASC_RET_DATAGRAM = 0x00000400 ASC_RET_CONNECTION = 0x00000800 ASC_RET_CALL_LEVEL = 0x00002000 ASC_RET_THIRD_LEG_FAILED = 0x00004000 ASC_RET_EXTENDED_ERROR = 0x00008000 ASC_RET_STREAM = 0x00010000 ASC_RET_INTEGRITY = 0x00020000 ASC_RET_LICENSING = 0x00040000 ASC_RET_IDENTIFY = 0x00080000 ASC_RET_NULL_SESSION = 0x00100000 ASC_RET_ALLOW_NON_USER_LOGONS = 0x00200000 ASC_RET_ALLOW_CONTEXT_REPLAY = 0x00400000 ASC_RET_FRAGMENT_ONLY = 0x00800000 SECPKG_CRED_ATTR_NAMES = 1 SECPKG_ATTR_SIZES = 0 SECPKG_ATTR_NAMES = 1 SECPKG_ATTR_LIFESPAN = 2 SECPKG_ATTR_DCE_INFO = 3 SECPKG_ATTR_STREAM_SIZES = 4 SECPKG_ATTR_KEY_INFO = 5 SECPKG_ATTR_AUTHORITY = 6 SECPKG_ATTR_PROTO_INFO = 7 SECPKG_ATTR_PASSWORD_EXPIRY = 8 SECPKG_ATTR_SESSION_KEY = 9 SECPKG_ATTR_PACKAGE_INFO = 10 SECPKG_ATTR_USER_FLAGS = 11 SECPKG_ATTR_NEGOTIATION_INFO = 12 SECPKG_ATTR_NATIVE_NAMES = 13 SECPKG_ATTR_FLAGS = 14 SECPKG_ATTR_USE_VALIDATED = 15 SECPKG_ATTR_CREDENTIAL_NAME = 16 
SECPKG_ATTR_TARGET_INFORMATION = 17 SECPKG_ATTR_ACCESS_TOKEN = 18 SECPKG_ATTR_TARGET = 19 SECPKG_ATTR_AUTHENTICATION_ID = 20 ## attributes from schannel.h SECPKG_ATTR_REMOTE_CERT_CONTEXT = 83 SECPKG_ATTR_LOCAL_CERT_CONTEXT = 84 SECPKG_ATTR_ROOT_STORE = 85 SECPKG_ATTR_SUPPORTED_ALGS = 86 SECPKG_ATTR_CIPHER_STRENGTHS = 87 SECPKG_ATTR_SUPPORTED_PROTOCOLS = 88 SECPKG_ATTR_ISSUER_LIST_EX = 89 SECPKG_ATTR_CONNECTION_INFO = 90 SECPKG_ATTR_EAP_KEY_BLOCK = 91 SECPKG_ATTR_MAPPED_CRED_ATTR = 92 SECPKG_ATTR_SESSION_INFO = 93 SECPKG_ATTR_APP_DATA = 94 SECPKG_NEGOTIATION_COMPLETE = 0 SECPKG_NEGOTIATION_OPTIMISTIC = 1 SECPKG_NEGOTIATION_IN_PROGRESS = 2 SECPKG_NEGOTIATION_DIRECT = 3 SECPKG_NEGOTIATION_TRY_MULTICRED = 4 SECPKG_CONTEXT_EXPORT_RESET_NEW = 0x00000001 SECPKG_CONTEXT_EXPORT_DELETE_OLD = 0x00000002 SECQOP_WRAP_NO_ENCRYPT = (-2147483647) SECURITY_ENTRYPOINT_ANSIW = "InitSecurityInterfaceW" SECURITY_ENTRYPOINT_ANSIA = "InitSecurityInterfaceA" SECURITY_ENTRYPOINT16 = "INITSECURITYINTERFACEA" SECURITY_ENTRYPOINT_ANSI = SECURITY_ENTRYPOINT_ANSIW SECURITY_ENTRYPOINT_ANSI = SECURITY_ENTRYPOINT_ANSIA SECURITY_ENTRYPOINT = SECURITY_ENTRYPOINT16 SECURITY_ENTRYPOINT_ANSI = SECURITY_ENTRYPOINT16 SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION = 1 SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 = 2 SASL_OPTION_SEND_SIZE = 1 SASL_OPTION_RECV_SIZE = 2 SASL_OPTION_AUTHZ_STRING = 3 SASL_OPTION_AUTHZ_PROCESSING = 4 SEC_WINNT_AUTH_IDENTITY_ANSI = 0x1 SEC_WINNT_AUTH_IDENTITY_UNICODE = 0x2 SEC_WINNT_AUTH_IDENTITY_VERSION = 0x200 SEC_WINNT_AUTH_IDENTITY_MARSHALLED = 0x4 SEC_WINNT_AUTH_IDENTITY_ONLY = 0x8 SECPKG_OPTIONS_TYPE_UNKNOWN = 0 SECPKG_OPTIONS_TYPE_LSA = 1 SECPKG_OPTIONS_TYPE_SSPI = 2 SECPKG_OPTIONS_PERMANENT = 0x00000001 SEC_E_INSUFFICIENT_MEMORY = 0x80090300L SEC_E_INVALID_HANDLE = 0x80090301L SEC_E_UNSUPPORTED_FUNCTION = 0x80090302L SEC_E_TARGET_UNKNOWN = 0x80090303L SEC_E_INTERNAL_ERROR = 0x80090304L SEC_E_SECPKG_NOT_FOUND = 0x80090305L SEC_E_NOT_OWNER = 0x80090306L SEC_E_CANNOT_INSTALL 
= 0x80090307L SEC_E_INVALID_TOKEN = 0x80090308L SEC_E_CANNOT_PACK = 0x80090309L SEC_E_QOP_NOT_SUPPORTED = 0x8009030AL SEC_E_NO_IMPERSONATION = 0x8009030BL SEC_E_LOGON_DENIED = 0x8009030CL SEC_E_UNKNOWN_CREDENTIALS = 0x8009030DL SEC_E_NO_CREDENTIALS = 0x8009030EL SEC_E_MESSAGE_ALTERED = 0x8009030FL SEC_E_OUT_OF_SEQUENCE = 0x80090310L SEC_E_NO_AUTHENTICATING_AUTHORITY = 0x80090311L SEC_I_CONTINUE_NEEDED = 0x00090312L SEC_I_COMPLETE_NEEDED = 0x00090313L SEC_I_COMPLETE_AND_CONTINUE = 0x00090314L SEC_I_LOCAL_LOGON = 0x00090315L SEC_E_BAD_PKGID = 0x80090316L SEC_E_CONTEXT_EXPIRED = 0x80090317L SEC_I_CONTEXT_EXPIRED = 0x00090317L SEC_E_INCOMPLETE_MESSAGE = 0x80090318L SEC_E_INCOMPLETE_CREDENTIALS = 0x80090320L SEC_E_BUFFER_TOO_SMALL = 0x80090321L SEC_I_INCOMPLETE_CREDENTIALS = 0x00090320L SEC_I_RENEGOTIATE = 0x00090321L SEC_E_WRONG_PRINCIPAL = 0x80090322L SEC_I_NO_LSA_CONTEXT = 0x00090323L SEC_E_TIME_SKEW = 0x80090324L SEC_E_UNTRUSTED_ROOT = 0x80090325L SEC_E_ILLEGAL_MESSAGE = 0x80090326L SEC_E_CERT_UNKNOWN = 0x80090327L SEC_E_CERT_EXPIRED = 0x80090328L SEC_E_ENCRYPT_FAILURE = 0x80090329L SEC_E_DECRYPT_FAILURE = 0x80090330L SEC_E_ALGORITHM_MISMATCH = 0x80090331L SEC_E_SECURITY_QOS_FAILED = 0x80090332L SEC_E_UNFINISHED_CONTEXT_DELETED = 0x80090333L SEC_E_NO_TGT_REPLY = 0x80090334L SEC_E_NO_IP_ADDRESSES = 0x80090335L SEC_E_WRONG_CREDENTIAL_HANDLE = 0x80090336L SEC_E_CRYPTO_SYSTEM_INVALID = 0x80090337L SEC_E_MAX_REFERRALS_EXCEEDED = 0x80090338L SEC_E_MUST_BE_KDC = 0x80090339L SEC_E_STRONG_CRYPTO_NOT_SUPPORTED = 0x8009033AL SEC_E_TOO_MANY_PRINCIPALS = 0x8009033BL SEC_E_NO_PA_DATA = 0x8009033CL SEC_E_PKINIT_NAME_MISMATCH = 0x8009033DL SEC_E_SMARTCARD_LOGON_REQUIRED = 0x8009033EL SEC_E_SHUTDOWN_IN_PROGRESS = 0x8009033FL SEC_E_KDC_INVALID_REQUEST = 0x80090340L SEC_E_KDC_UNABLE_TO_REFER = 0x80090341L SEC_E_KDC_UNKNOWN_ETYPE = 0x80090342L SEC_E_UNSUPPORTED_PREAUTH = 0x80090343L SEC_E_DELEGATION_REQUIRED = 0x80090345L SEC_E_BAD_BINDINGS = 0x80090346L SEC_E_MULTIPLE_ACCOUNTS = 
0x80090347L SEC_E_NO_KERB_KEY = 0x80090348L ERROR_IPSEC_QM_POLICY_EXISTS = 13000L ERROR_IPSEC_QM_POLICY_NOT_FOUND = 13001L ERROR_IPSEC_QM_POLICY_IN_USE = 13002L ERROR_IPSEC_MM_POLICY_EXISTS = 13003L ERROR_IPSEC_MM_POLICY_NOT_FOUND = 13004L ERROR_IPSEC_MM_POLICY_IN_USE = 13005L ERROR_IPSEC_MM_FILTER_EXISTS = 13006L ERROR_IPSEC_MM_FILTER_NOT_FOUND = 13007L ERROR_IPSEC_TRANSPORT_FILTER_EXISTS = 13008L ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND = 13009L ERROR_IPSEC_MM_AUTH_EXISTS = 13010L ERROR_IPSEC_MM_AUTH_NOT_FOUND = 13011L ERROR_IPSEC_MM_AUTH_IN_USE = 13012L ERROR_IPSEC_DEFAULT_MM_POLICY_NOT_FOUND = 13013L ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND = 13014L ERROR_IPSEC_DEFAULT_QM_POLICY_NOT_FOUND = 13015L ERROR_IPSEC_TUNNEL_FILTER_EXISTS = 13016L ERROR_IPSEC_TUNNEL_FILTER_NOT_FOUND = 13017L ERROR_IPSEC_MM_FILTER_PENDING_DELETION = 13018L ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION = 13019L ERROR_IPSEC_TUNNEL_FILTER_PENDING_DELETION = 13020L ERROR_IPSEC_MM_POLICY_PENDING_DELETION = 13021L ERROR_IPSEC_MM_AUTH_PENDING_DELETION = 13022L ERROR_IPSEC_QM_POLICY_PENDING_DELETION = 13023L WARNING_IPSEC_MM_POLICY_PRUNED = 13024L WARNING_IPSEC_QM_POLICY_PRUNED = 13025L ERROR_IPSEC_IKE_NEG_STATUS_BEGIN = 13800L ERROR_IPSEC_IKE_AUTH_FAIL = 13801L ERROR_IPSEC_IKE_ATTRIB_FAIL = 13802L ERROR_IPSEC_IKE_NEGOTIATION_PENDING = 13803L ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR = 13804L ERROR_IPSEC_IKE_TIMED_OUT = 13805L ERROR_IPSEC_IKE_NO_CERT = 13806L ERROR_IPSEC_IKE_SA_DELETED = 13807L ERROR_IPSEC_IKE_SA_REAPED = 13808L ERROR_IPSEC_IKE_MM_ACQUIRE_DROP = 13809L ERROR_IPSEC_IKE_QM_ACQUIRE_DROP = 13810L ERROR_IPSEC_IKE_QUEUE_DROP_MM = 13811L ERROR_IPSEC_IKE_QUEUE_DROP_NO_MM = 13812L ERROR_IPSEC_IKE_DROP_NO_RESPONSE = 13813L ERROR_IPSEC_IKE_MM_DELAY_DROP = 13814L ERROR_IPSEC_IKE_QM_DELAY_DROP = 13815L ERROR_IPSEC_IKE_ERROR = 13816L ERROR_IPSEC_IKE_CRL_FAILED = 13817L ERROR_IPSEC_IKE_INVALID_KEY_USAGE = 13818L ERROR_IPSEC_IKE_INVALID_CERT_TYPE = 13819L ERROR_IPSEC_IKE_NO_PRIVATE_KEY = 13820L 
ERROR_IPSEC_IKE_DH_FAIL = 13822L ERROR_IPSEC_IKE_INVALID_HEADER = 13824L ERROR_IPSEC_IKE_NO_POLICY = 13825L ERROR_IPSEC_IKE_INVALID_SIGNATURE = 13826L ERROR_IPSEC_IKE_KERBEROS_ERROR = 13827L ERROR_IPSEC_IKE_NO_PUBLIC_KEY = 13828L ERROR_IPSEC_IKE_PROCESS_ERR = 13829L ERROR_IPSEC_IKE_PROCESS_ERR_SA = 13830L ERROR_IPSEC_IKE_PROCESS_ERR_PROP = 13831L ERROR_IPSEC_IKE_PROCESS_ERR_TRANS = 13832L ERROR_IPSEC_IKE_PROCESS_ERR_KE = 13833L ERROR_IPSEC_IKE_PROCESS_ERR_ID = 13834L ERROR_IPSEC_IKE_PROCESS_ERR_CERT = 13835L ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ = 13836L ERROR_IPSEC_IKE_PROCESS_ERR_HASH = 13837L ERROR_IPSEC_IKE_PROCESS_ERR_SIG = 13838L ERROR_IPSEC_IKE_PROCESS_ERR_NONCE = 13839L ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY = 13840L ERROR_IPSEC_IKE_PROCESS_ERR_DELETE = 13841L ERROR_IPSEC_IKE_PROCESS_ERR_VENDOR = 13842L ERROR_IPSEC_IKE_INVALID_PAYLOAD = 13843L ERROR_IPSEC_IKE_LOAD_SOFT_SA = 13844L ERROR_IPSEC_IKE_SOFT_SA_TORN_DOWN = 13845L ERROR_IPSEC_IKE_INVALID_COOKIE = 13846L ERROR_IPSEC_IKE_NO_PEER_CERT = 13847L ERROR_IPSEC_IKE_PEER_CRL_FAILED = 13848L ERROR_IPSEC_IKE_POLICY_CHANGE = 13849L ERROR_IPSEC_IKE_NO_MM_POLICY = 13850L ERROR_IPSEC_IKE_NOTCBPRIV = 13851L ERROR_IPSEC_IKE_SECLOADFAIL = 13852L ERROR_IPSEC_IKE_FAILSSPINIT = 13853L ERROR_IPSEC_IKE_FAILQUERYSSP = 13854L ERROR_IPSEC_IKE_SRVACQFAIL = 13855L ERROR_IPSEC_IKE_SRVQUERYCRED = 13856L ERROR_IPSEC_IKE_GETSPIFAIL = 13857L ERROR_IPSEC_IKE_INVALID_FILTER = 13858L ERROR_IPSEC_IKE_OUT_OF_MEMORY = 13859L ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED = 13860L ERROR_IPSEC_IKE_INVALID_POLICY = 13861L ERROR_IPSEC_IKE_UNKNOWN_DOI = 13862L ERROR_IPSEC_IKE_INVALID_SITUATION = 13863L ERROR_IPSEC_IKE_DH_FAILURE = 13864L ERROR_IPSEC_IKE_INVALID_GROUP = 13865L ERROR_IPSEC_IKE_ENCRYPT = 13866L ERROR_IPSEC_IKE_DECRYPT = 13867L ERROR_IPSEC_IKE_POLICY_MATCH = 13868L ERROR_IPSEC_IKE_UNSUPPORTED_ID = 13869L ERROR_IPSEC_IKE_INVALID_HASH = 13870L ERROR_IPSEC_IKE_INVALID_HASH_ALG = 13871L ERROR_IPSEC_IKE_INVALID_HASH_SIZE = 13872L 
ERROR_IPSEC_IKE_INVALID_ENCRYPT_ALG = 13873L ERROR_IPSEC_IKE_INVALID_AUTH_ALG = 13874L ERROR_IPSEC_IKE_INVALID_SIG = 13875L ERROR_IPSEC_IKE_LOAD_FAILED = 13876L ERROR_IPSEC_IKE_RPC_DELETE = 13877L ERROR_IPSEC_IKE_BENIGN_REINIT = 13878L ERROR_IPSEC_IKE_INVALID_RESPONDER_LIFETIME_NOTIFY = 13879L ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN = 13881L ERROR_IPSEC_IKE_MM_LIMIT = 13882L ERROR_IPSEC_IKE_NEGOTIATION_DISABLED = 13883L ERROR_IPSEC_IKE_NEG_STATUS_END = 13884L CRYPT_E_MSG_ERROR = ((-2146889727)) CRYPT_E_UNKNOWN_ALGO = ((-2146889726)) CRYPT_E_OID_FORMAT = ((-2146889725)) CRYPT_E_INVALID_MSG_TYPE = ((-2146889724)) CRYPT_E_UNEXPECTED_ENCODING = ((-2146889723)) CRYPT_E_AUTH_ATTR_MISSING = ((-2146889722)) CRYPT_E_HASH_VALUE = ((-2146889721)) CRYPT_E_INVALID_INDEX = ((-2146889720)) CRYPT_E_ALREADY_DECRYPTED = ((-2146889719)) CRYPT_E_NOT_DECRYPTED = ((-2146889718)) CRYPT_E_RECIPIENT_NOT_FOUND = ((-2146889717)) CRYPT_E_CONTROL_TYPE = ((-2146889716)) CRYPT_E_ISSUER_SERIALNUMBER = ((-2146889715)) CRYPT_E_SIGNER_NOT_FOUND = ((-2146889714)) CRYPT_E_ATTRIBUTES_MISSING = ((-2146889713)) CRYPT_E_STREAM_MSG_NOT_READY = ((-2146889712)) CRYPT_E_STREAM_INSUFFICIENT_DATA = ((-2146889711)) CRYPT_I_NEW_PROTECTION_REQUIRED = (0x00091012L) CRYPT_E_BAD_LEN = ((-2146885631)) CRYPT_E_BAD_ENCODE = ((-2146885630)) CRYPT_E_FILE_ERROR = ((-2146885629)) CRYPT_E_NOT_FOUND = ((-2146885628)) CRYPT_E_EXISTS = ((-2146885627)) CRYPT_E_NO_PROVIDER = ((-2146885626)) CRYPT_E_SELF_SIGNED = ((-2146885625)) CRYPT_E_DELETED_PREV = ((-2146885624)) CRYPT_E_NO_MATCH = ((-2146885623)) CRYPT_E_UNEXPECTED_MSG_TYPE = ((-2146885622)) CRYPT_E_NO_KEY_PROPERTY = ((-2146885621)) CRYPT_E_NO_DECRYPT_CERT = ((-2146885620)) CRYPT_E_BAD_MSG = ((-2146885619)) CRYPT_E_NO_SIGNER = ((-2146885618)) CRYPT_E_PENDING_CLOSE = ((-2146885617)) CRYPT_E_REVOKED = ((-2146885616)) CRYPT_E_NO_REVOCATION_DLL = ((-2146885615)) CRYPT_E_NO_REVOCATION_CHECK = ((-2146885614)) CRYPT_E_REVOCATION_OFFLINE = ((-2146885613)) 
CRYPT_E_NOT_IN_REVOCATION_DATABASE = ((-2146885612)) CRYPT_E_INVALID_NUMERIC_STRING = ((-2146885600)) CRYPT_E_INVALID_PRINTABLE_STRING = ((-2146885599)) CRYPT_E_INVALID_IA5_STRING = ((-2146885598)) CRYPT_E_INVALID_X500_STRING = ((-2146885597)) CRYPT_E_NOT_CHAR_STRING = ((-2146885596)) CRYPT_E_FILERESIZED = ((-2146885595)) CRYPT_E_SECURITY_SETTINGS = ((-2146885594)) CRYPT_E_NO_VERIFY_USAGE_DLL = ((-2146885593)) CRYPT_E_NO_VERIFY_USAGE_CHECK = ((-2146885592)) CRYPT_E_VERIFY_USAGE_OFFLINE = ((-2146885591)) CRYPT_E_NOT_IN_CTL = ((-2146885590)) CRYPT_E_NO_TRUSTED_SIGNER = ((-2146885589)) CRYPT_E_MISSING_PUBKEY_PARA = ((-2146885588)) CRYPT_E_OSS_ERROR = ((-2146881536)) ## Kerberos message types for LsaCallAuthenticationPackage (from ntsecapi.h) KerbDebugRequestMessage = 0 KerbQueryTicketCacheMessage = 1 KerbChangeMachinePasswordMessage = 2 KerbVerifyPacMessage = 3 KerbRetrieveTicketMessage = 4 KerbUpdateAddressesMessage = 5 KerbPurgeTicketCacheMessage = 6 KerbChangePasswordMessage = 7 KerbRetrieveEncodedTicketMessage = 8 KerbDecryptDataMessage = 9 KerbAddBindingCacheEntryMessage = 10 KerbSetPasswordMessage = 11 KerbSetPasswordExMessage = 12 KerbVerifyCredentialsMessage = 13 KerbQueryTicketCacheExMessage = 14 KerbPurgeTicketCacheExMessage = 15 KerbRefreshSmartcardCredentialsMessage = 16 KerbAddExtraCredentialsMessage = 17 KerbQuerySupplementalCredentialsMessage = 18 ## messages used with msv1_0 from ntsecapi.h MsV1_0Lm20ChallengeRequest = 0 MsV1_0Lm20GetChallengeResponse = 1 MsV1_0EnumerateUsers = 2 MsV1_0GetUserInfo = 3 MsV1_0ReLogonUsers = 4 MsV1_0ChangePassword = 5 MsV1_0ChangeCachedPassword = 6 MsV1_0GenericPassthrough = 7 MsV1_0CacheLogon = 8 MsV1_0SubAuth = 9 MsV1_0DeriveCredential = 10 MsV1_0CacheLookup = 11 MsV1_0SetProcessOption = 12 |