From 1e2b0be24a1d8aade837003521f8a807e2fd900d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Marc-Andr=C3=A9=20Moreau?= Date: Thu, 23 Feb 2012 15:56:50 -0500 Subject: [PATCH] libfreerdp-auth: split NTLM package, implement AcquireCredentialsHandle --- cunit/test_sspi.c | 47 ++++++++---- cunit/test_sspi.h | 1 + include/freerdp/auth/sspi.h | 148 ++++++++++++++++++++++++++++++++++++++ libfreerdp-auth/CMakeLists.txt | 3 + libfreerdp-auth/NTLM/ntlm.c | 157 +++++++++++++++++++++++++++++++++++++++++ libfreerdp-auth/NTLM/ntlm.h | 32 +++++++++ libfreerdp-auth/ntlmssp.c | 59 +--------------- libfreerdp-auth/sspi.c | 137 ++++++++++++++++++++++++++++++++++- libfreerdp-auth/sspi.h | 43 +++++++++++ 9 files changed, 556 insertions(+), 71 deletions(-) create mode 100644 libfreerdp-auth/NTLM/ntlm.c create mode 100644 libfreerdp-auth/NTLM/ntlm.h create mode 100644 libfreerdp-auth/sspi.h diff --git a/cunit/test_sspi.c b/cunit/test_sspi.c index 4c151fe..2cd4d23 100644 --- a/cunit/test_sspi.c +++ b/cunit/test_sspi.c @@ -44,6 +44,7 @@ int add_sspi_suite(void) add_test_function(EnumerateSecurityPackages); add_test_function(QuerySecurityPackageInfo); add_test_function(AcquireCredentialsHandle); + add_test_function(InitializeSecurityContext); return 0; } @@ -95,6 +96,7 @@ void test_AcquireCredentialsHandle(void) SEC_TIMESTAMP expiration; SEC_AUTH_IDENTITY identity; SECURITY_FUNCTION_TABLE* table; + SEC_PKG_CREDENTIALS_NAMES credential_names; table = InitSecurityInterface(); @@ -111,24 +113,45 @@ void test_AcquireCredentialsHandle(void) if (status == SEC_E_OK) { + status = table->QueryCredentialsAttributes(&credentials, SECPKG_CRED_ATTR_NAMES, &credential_names); + if (status == SEC_E_OK) + { + printf("\nQueryCredentialsAttributes: %s\n", credential_names.sUserName); + } } } +void test_InitializeSecurityContext(void) +{ + uint32 fContextReq; + CTXT_HANDLE context; + uint32 pfContextAttr; + SECURITY_STATUS status; + CRED_HANDLE credentials; + SEC_TIMESTAMP expiration; + SEC_AUTH_IDENTITY identity; + SECURITY_FUNCTION_TABLE* table; + SEC_BUFFER_DESC sec_output_buffer; + table = InitSecurityInterface(); + identity.User = (uint16*) xstrdup(test_User); + identity.UserLength = sizeof(test_User); + identity.Domain = (uint16*) xstrdup(test_Domain); + identity.DomainLength = sizeof(test_Domain); + identity.Password = (uint16*) xstrdup(test_Password); + identity.PasswordLength = sizeof(test_Password); + identity.Flags = SEC_AUTH_IDENTITY_ANSI; + status = table->AcquireCredentialsHandle(NULL, NTLM_PACKAGE_NAME, + SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration); + if (status == SEC_E_OK) + { + fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_DELEGATE; - - - - - - - - - - - - + table->InitializeSecurityContext(&credentials, NULL, NULL, fContextReq, 0, 0, NULL, 0, + &context, &sec_output_buffer, &pfContextAttr, &expiration); + } +} diff --git a/cunit/test_sspi.h b/cunit/test_sspi.h index bcec0fa..81def91 100644 --- a/cunit/test_sspi.h +++ b/cunit/test_sspi.h @@ -26,3 +26,4 @@ int add_sspi_suite(void); void test_EnumerateSecurityPackages(void); void test_QuerySecurityPackageInfo(void); void test_AcquireCredentialsHandle(void); +void test_InitializeSecurityContext(void); diff --git a/include/freerdp/auth/sspi.h b/include/freerdp/auth/sspi.h index fa11f47..48efcdd 100644 --- a/include/freerdp/auth/sspi.h +++ b/include/freerdp/auth/sspi.h @@ -142,6 +142,154 @@ typedef uint32 SECURITY_STATUS; #define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010 #define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020 +/* Security Context Attributes */ + +#define SECPKG_ATTR_SIZES 0 +#define SECPKG_ATTR_NAMES 1 +#define SECPKG_ATTR_LIFESPAN 2 +#define SECPKG_ATTR_DCE_INFO 3 +#define SECPKG_ATTR_STREAM_SIZES 4 +#define SECPKG_ATTR_KEY_INFO 5 +#define SECPKG_ATTR_AUTHORITY 6 +#define SECPKG_ATTR_PROTO_INFO 7 +#define SECPKG_ATTR_PASSWORD_EXPIRY 8 +#define SECPKG_ATTR_SESSION_KEY 9 +#define SECPKG_ATTR_PACKAGE_INFO 10 +#define SECPKG_ATTR_USER_FLAGS 11 +#define SECPKG_ATTR_NEGOTIATION_INFO 12 +#define SECPKG_ATTR_NATIVE_NAMES 13 +#define SECPKG_ATTR_FLAGS 14 +#define SECPKG_ATTR_USE_VALIDATED 15 +#define SECPKG_ATTR_CREDENTIAL_NAME 16 +#define SECPKG_ATTR_TARGET_INFORMATION 17 +#define SECPKG_ATTR_ACCESS_TOKEN 18 +#define SECPKG_ATTR_TARGET 19 +#define SECPKG_ATTR_AUTHENTICATION_ID 20 +#define SECPKG_ATTR_LOGOFF_TIME 21 +#define SECPKG_ATTR_NEGO_KEYS 22 +#define SECPKG_ATTR_PROMPTING_NEEDED 24 +#define SECPKG_ATTR_UNIQUE_BINDINGS 25 +#define SECPKG_ATTR_ENDPOINT_BINDINGS 26 +#define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27 +#define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30 +#define SECPKG_ATTR_NEGO_PKG_INFO 31 +#define SECPKG_ATTR_NEGO_STATUS 32 +#define SECPKG_ATTR_CONTEXT_DELETED 33 + +/* Security Credentials Attributes */ + +#define SECPKG_CRED_ATTR_NAMES 1 + +struct _SEC_PKG_CREDENTIALS_NAMES +{ + char* sUserName; +}; +typedef struct _SEC_PKG_CREDENTIALS_NAMES SEC_PKG_CREDENTIALS_NAMES; + +/* InitializeSecurityContext Flags */ + +#define ISC_REQ_DELEGATE 0x00000001 +#define ISC_REQ_MUTUAL_AUTH 0x00000002 +#define ISC_REQ_REPLAY_DETECT 0x00000004 +#define ISC_REQ_SEQUENCE_DETECT 0x00000008 +#define ISC_REQ_CONFIDENTIALITY 0x00000010 +#define ISC_REQ_USE_SESSION_KEY 0x00000020 +#define ISC_REQ_PROMPT_FOR_CREDS 0x00000040 +#define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080 +#define ISC_REQ_ALLOCATE_MEMORY 0x00000100 +#define ISC_REQ_USE_DCE_STYLE 0x00000200 +#define ISC_REQ_DATAGRAM 0x00000400 +#define ISC_REQ_CONNECTION 0x00000800 +#define ISC_REQ_CALL_LEVEL 0x00001000 +#define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000 +#define ISC_REQ_EXTENDED_ERROR 0x00004000 +#define ISC_REQ_STREAM 0x00008000 +#define ISC_REQ_INTEGRITY 0x00010000 +#define ISC_REQ_IDENTIFY 0x00020000 +#define ISC_REQ_NULL_SESSION 0x00040000 +#define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000 +#define ISC_REQ_RESERVED1 0x00100000 +#define ISC_REQ_FRAGMENT_TO_FIT 0x00200000 +#define ISC_REQ_FORWARD_CREDENTIALS 0x00400000 +#define ISC_REQ_NO_INTEGRITY 0x00800000 +#define ISC_REQ_USE_HTTP_STYLE 0x01000000 + +#define ISC_RET_DELEGATE 0x00000001 +#define ISC_RET_MUTUAL_AUTH 0x00000002 +#define ISC_RET_REPLAY_DETECT 0x00000004 +#define ISC_RET_SEQUENCE_DETECT 0x00000008 +#define ISC_RET_CONFIDENTIALITY 0x00000010 +#define ISC_RET_USE_SESSION_KEY 0x00000020 +#define ISC_RET_USED_COLLECTED_CREDS 0x00000040 +#define ISC_RET_USED_SUPPLIED_CREDS 0x00000080 +#define ISC_RET_ALLOCATED_MEMORY 0x00000100 +#define ISC_RET_USED_DCE_STYLE 0x00000200 +#define ISC_RET_DATAGRAM 0x00000400 +#define ISC_RET_CONNECTION 0x00000800 +#define ISC_RET_INTERMEDIATE_RETURN 0x00001000 +#define ISC_RET_CALL_LEVEL 0x00002000 +#define ISC_RET_EXTENDED_ERROR 0x00004000 +#define ISC_RET_STREAM 0x00008000 +#define ISC_RET_INTEGRITY 0x00010000 +#define ISC_RET_IDENTIFY 0x00020000 +#define ISC_RET_NULL_SESSION 0x00040000 +#define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000 +#define ISC_RET_RESERVED1 0x00100000 +#define ISC_RET_FRAGMENT_ONLY 0x00200000 +#define ISC_RET_FORWARD_CREDENTIALS 0x00400000 +#define ISC_RET_USED_HTTP_STYLE 0x01000000 + +/* AcceptSecurityContext Flags */ + +#define ASC_REQ_DELEGATE 0x00000001 +#define ASC_REQ_MUTUAL_AUTH 0x00000002 +#define ASC_REQ_REPLAY_DETECT 0x00000004 +#define ASC_REQ_SEQUENCE_DETECT 0x00000008 +#define ASC_REQ_CONFIDENTIALITY 0x00000010 +#define ASC_REQ_USE_SESSION_KEY 0x00000020 +#define ASC_REQ_ALLOCATE_MEMORY 0x00000100 +#define ASC_REQ_USE_DCE_STYLE 0x00000200 +#define ASC_REQ_DATAGRAM 0x00000400 +#define ASC_REQ_CONNECTION 0x00000800 +#define ASC_REQ_CALL_LEVEL 0x00001000 +#define ASC_REQ_EXTENDED_ERROR 0x00008000 +#define ASC_REQ_STREAM 0x00010000 +#define ASC_REQ_INTEGRITY 0x00020000 +#define ASC_REQ_LICENSING 0x00040000 +#define ASC_REQ_IDENTIFY 0x00080000 +#define ASC_REQ_ALLOW_NULL_SESSION 0x00100000 +#define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000 +#define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000 +#define ASC_REQ_FRAGMENT_TO_FIT 0x00800000 +#define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000 +#define ASC_REQ_NO_TOKEN 0x01000000 +#define ASC_REQ_PROXY_BINDINGS 0x04000000 +#define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000 + +#define ASC_RET_DELEGATE 0x00000001 +#define ASC_RET_MUTUAL_AUTH 0x00000002 +#define ASC_RET_REPLAY_DETECT 0x00000004 +#define ASC_RET_SEQUENCE_DETECT 0x00000008 +#define ASC_RET_CONFIDENTIALITY 0x00000010 +#define ASC_RET_USE_SESSION_KEY 0x00000020 +#define ASC_RET_ALLOCATED_MEMORY 0x00000100 +#define ASC_RET_USED_DCE_STYLE 0x00000200 +#define ASC_RET_DATAGRAM 0x00000400 +#define ASC_RET_CONNECTION 0x00000800 +#define ASC_RET_CALL_LEVEL 0x00002000 +#define ASC_RET_THIRD_LEG_FAILED 0x00004000 +#define ASC_RET_EXTENDED_ERROR 0x00008000 +#define ASC_RET_STREAM 0x00010000 +#define ASC_RET_INTEGRITY 0x00020000 +#define ASC_RET_LICENSING 0x00040000 +#define ASC_RET_IDENTIFY 0x00080000 +#define ASC_RET_NULL_SESSION 0x00100000 +#define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000 +#define ASC_RET_FRAGMENT_ONLY 0x00800000 +#define ASC_RET_NO_TOKEN 0x01000000 +#define ASC_RET_NO_PROXY_BINDINGS 0x04000000 +#define ASC_RET_MISSING_BINDINGS 0x10000000 + struct _SEC_PKG_INFO { uint32 fCapabilities; diff --git a/libfreerdp-auth/CMakeLists.txt b/libfreerdp-auth/CMakeLists.txt index d89a08e..a230e2a 100644 --- a/libfreerdp-auth/CMakeLists.txt +++ b/libfreerdp-auth/CMakeLists.txt @@ -18,7 +18,10 @@ # limitations under the License. set(FREERDP_AUTH_SRCS + NTLM/ntlm.c + NTLM/ntlm.h sspi.c + sspi.h credssp.c ntlmssp.c) diff --git a/libfreerdp-auth/NTLM/ntlm.c b/libfreerdp-auth/NTLM/ntlm.c new file mode 100644 index 0000000..e914cc6 --- /dev/null +++ b/libfreerdp-auth/NTLM/ntlm.c @@ -0,0 +1,157 @@ +/** + * FreeRDP: A Remote Desktop Protocol Implementation + * NTLM Security Package + * + * Copyright 2011-2012 Marc-Andre Moreau + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "ntlm.h" +#include "../sspi.h" + +char* NTLM_PACKAGE_NAME = "NTLM"; + +NTLM_CONTEXT* ntlm_ContextNew() +{ + NTLM_CONTEXT* context; + + context = xnew(NTLM_CONTEXT); + + if (context != NULL) + { + + } + + return context; +} + +void ntlm_ContextFree(NTLM_CONTEXT* context) +{ + if (!context) + return; + + xfree(context); +} + +SECURITY_STATUS ntlm_AcquireCredentialsHandle(char* pszPrincipal, char* pszPackage, + uint32 fCredentialUse, void* pvLogonID, void* pAuthData, void* pGetKeyFn, + void* pvGetKeyArgument, CRED_HANDLE* phCredential, SEC_TIMESTAMP* ptsExpiry) +{ + CREDENTIALS* credentials; + SEC_AUTH_IDENTITY* identity; + + if (fCredentialUse == SECPKG_CRED_OUTBOUND) + { + credentials = sspi_CredentialsNew(); + identity = (SEC_AUTH_IDENTITY*) pAuthData; + + memcpy(&(credentials->identity), identity, sizeof(SEC_AUTH_IDENTITY)); + + sspi_SecureHandleSetLowerPointer(phCredential, (void*) credentials); + sspi_SecureHandleSetUpperPointer(phCredential, (void*) NTLM_PACKAGE_NAME); + + return SEC_E_OK; + } + + return SEC_E_OK; +} + +SECURITY_STATUS ntlm_QueryCredentialsAttributes(CRED_HANDLE* phCredential, uint32 ulAttribute, void* pBuffer) +{ + if (ulAttribute == SECPKG_CRED_ATTR_NAMES) + { + CREDENTIALS* credentials; + SEC_PKG_CREDENTIALS_NAMES* credential_names = (SEC_PKG_CREDENTIALS_NAMES*) pBuffer; + + credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential); + + if (credentials->identity.Flags == SEC_AUTH_IDENTITY_ANSI) + credential_names->sUserName = xstrdup((char*) credentials->identity.User); + + return SEC_E_OK; + } + + return SEC_E_UNSUPPORTED_FUNCTION; +} + +/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375512/ */ + +SECURITY_STATUS ntlm_InitializeSecurityContext(CRED_HANDLE* phCredential, CTXT_HANDLE* phContext, + char* pszTargetName, uint32 fContextReq, uint32 Reserved1, uint32 TargetDataRep, + SEC_BUFFER_DESC* pInput, uint32 Reserved2, CTXT_HANDLE* phNewContext, + SEC_BUFFER_DESC* pOutput, uint32* pfContextAttr, SEC_TIMESTAMP* ptsExpiry) +{ + return SEC_E_OK; +} + +/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa379337/ */ + +SECURITY_STATUS ntlm_QueryContextAttributes(CTXT_HANDLE* phContext, uint32 ulAttribute, void* pBuffer) +{ + return SEC_E_OK; +} + +const SEC_PKG_INFO NTLM_SEC_PKG_INFO = +{ + 0x00082B37, /* fCapabilities */ + 1, /* wVersion */ + 0x000A, /* wRPCID */ + 0x00000B48, /* cbMaxToken */ + "NTLM", /* Name */ + "NTLM Security Package" /* Comment */ +}; + +const SECURITY_FUNCTION_TABLE NTLM_SECURITY_FUNCTION_TABLE = +{ + 1, /* dwVersion */ + NULL, /* EnumerateSecurityPackages */ + NULL, /* Reserved1 */ + ntlm_QueryCredentialsAttributes, /* QueryCredentialsAttributes */ + ntlm_AcquireCredentialsHandle, /* AcquireCredentialsHandle */ + NULL, /* FreeCredentialsHandle */ + NULL, /* Reserved2 */ + ntlm_InitializeSecurityContext, /* InitializeSecurityContext */ + NULL, /* AcceptSecurityContext */ + NULL, /* CompleteAuthToken */ + NULL, /* DeleteSecurityContext */ + NULL, /* ApplyControlToken */ + ntlm_QueryContextAttributes, /* QueryContextAttributes */ + NULL, /* ImpersonateSecurityContext */ + NULL, /* RevertSecurityContext */ + NULL, /* MakeSignature */ + NULL, /* VerifySignature */ + NULL, /* FreeContextBuffer */ + NULL, /* QuerySecurityPackageInfo */ + NULL, /* Reserved3 */ + NULL, /* Reserved4 */ + NULL, /* ExportSecurityContext */ + NULL, /* ImportSecurityContext */ + NULL, /* AddCredentials */ + NULL, /* Reserved8 */ + NULL, /* QuerySecurityContextToken */ + NULL, /* EncryptMessage */ + NULL, /* DecryptMessage */ + NULL, /* SetContextAttributes */ +}; diff --git a/libfreerdp-auth/NTLM/ntlm.h b/libfreerdp-auth/NTLM/ntlm.h new file mode 100644 index 0000000..21d46d3 --- /dev/null +++ b/libfreerdp-auth/NTLM/ntlm.h @@ -0,0 +1,32 @@ +/** + * FreeRDP: A Remote Desktop Protocol Implementation + * NTLM Security Package + * + * Copyright 2011-2012 Marc-Andre Moreau + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#ifndef FREERDP_AUTH_NTLM_PRIVATE_H +#define FREERDP_AUTH_NTLM_PRIVATE_H + +struct _NTLM_CONTEXT +{ + SEC_AUTH_IDENTITY identity; +}; +typedef struct _NTLM_CONTEXT NTLM_CONTEXT; + +#endif /* FREERDP_AUTH_NTLM_PRIVATE_H */ diff --git a/libfreerdp-auth/ntlmssp.c b/libfreerdp-auth/ntlmssp.c index 8e89e59..a138337 100644 --- a/libfreerdp-auth/ntlmssp.c +++ b/libfreerdp-auth/ntlmssp.c @@ -28,6 +28,8 @@ #include #include +#include "sspi.h" + #include #define NTLMSSP_NEGOTIATE_56 0x80000000 /* W (0) */ @@ -2224,60 +2226,3 @@ void ntlmssp_free(NTLMSSP* ntlmssp) crypto_rc4_free(ntlmssp->recv_rc4_seal); xfree(ntlmssp); } - -/* SSPI */ - -SECURITY_STATUS ntlm_AcquireCredentialsHandle(char* pszPrincipal, char* pszPackage, - uint32 fCredentialUse, void* pvLogonID, void* pAuthData, void* pGetKeyFn, - void* pvGetKeyArgument, CRED_HANDLE* phCredential, SEC_TIMESTAMP* ptsExpiry) -{ - if (fCredentialUse == SECPKG_CRED_OUTBOUND) - { - - } - - return SEC_E_OK; -} - -const SEC_PKG_INFO NTLM_SEC_PKG_INFO = -{ - 0x00082B37, /* fCapabilities */ - 1, /* wVersion */ - 0x000A, /* wRPCID */ - 0x00000B48, /* cbMaxToken */ - "NTLM", /* Name */ - "NTLM Security Package" /* Comment */ -}; - -const SECURITY_FUNCTION_TABLE NTLM_SECURITY_FUNCTION_TABLE = -{ - 1, /* dwVersion */ - NULL, /* EnumerateSecurityPackages */ - NULL, /* Reserved1 */ - NULL, /* QueryCredentialsAttributes */ - ntlm_AcquireCredentialsHandle, /* AcquireCredentialsHandle */ - NULL, /* FreeCredentialsHandle */ - NULL, /* Reserved2 */ - NULL, /* InitializeSecurityContext */ - NULL, /* AcceptSecurityContext */ - NULL, /* CompleteAuthToken */ - NULL, /* DeleteSecurityContext */ - NULL, /* ApplyControlToken */ - NULL, /* QueryContextAttributes */ - NULL, /* ImpersonateSecurityContext */ - NULL, /* RevertSecurityContext */ - NULL, /* MakeSignature */ - NULL, /* VerifySignature */ - NULL, /* FreeContextBuffer */ - NULL, /* QuerySecurityPackageInfo */ - NULL, /* Reserved3 */ - NULL, /* Reserved4 */ - NULL, /* ExportSecurityContext */ - NULL, /* ImportSecurityContext */ - NULL, /* AddCredentials */ - NULL, /* Reserved8 */ - NULL, /* QuerySecurityContextToken */ - NULL, /* EncryptMessage */ - NULL, /* DecryptMessage */ - NULL, /* SetContextAttributes */ -}; diff --git a/libfreerdp-auth/sspi.c b/libfreerdp-auth/sspi.c index ef02e58..625532b 100644 --- a/libfreerdp-auth/sspi.c +++ b/libfreerdp-auth/sspi.c @@ -21,6 +21,8 @@ #include +#include "sspi.h" + /* Authentication Functions: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731/ */ extern const SEC_PKG_INFO NTLM_SEC_PKG_INFO; @@ -52,6 +54,91 @@ const SECURITY_FUNCTION_TABLE_NAME SECURITY_FUNCTION_TABLE_NAME_LIST[] = #define SEC_HANDLE_LOWER_MAX 0xFFFFFFFF #define SEC_HANDLE_UPPER_MAX 0xFFFFFFFE +CREDENTIALS* sspi_CredentialsNew() +{ + CREDENTIALS* credentials; + + credentials = xnew(CREDENTIALS); + + if (credentials != NULL) + { + + } + + return credentials; +} + +void sspi_CredentialsFree(CREDENTIALS* credentials) +{ + if (!credentials) + return; + + xfree(credentials); +} + +SEC_HANDLE* sspi_SecureHandleAlloc() +{ + SEC_HANDLE* handle = xmalloc(sizeof(SEC_HANDLE)); + memset(handle, 0xFF, sizeof(SEC_HANDLE)); + return handle; +} + +void sspi_SecureHandleInvalidate(SEC_HANDLE* handle) +{ + if (!handle) + return; + + memset(handle, 0xFF, sizeof(SEC_HANDLE)); +} + +void* sspi_SecureHandleGetLowerPointer(SEC_HANDLE* handle) +{ + void* pointer; + + if (!handle) + return NULL; + + pointer = (void*) ~((size_t) handle->dwLower); + + return pointer; +} + +void sspi_SecureHandleSetLowerPointer(SEC_HANDLE* handle, void* pointer) +{ + if (!handle) + return; + + handle->dwLower = (uint32*) (~((size_t) pointer)); +} + +void* sspi_SecureHandleGetUpperPointer(SEC_HANDLE* handle) +{ + void* pointer; + + if (!handle) + return NULL; + + pointer = (void*) ~((size_t) handle->dwUpper); + + return pointer; +} + +void sspi_SecureHandleSetUpperPointer(SEC_HANDLE* handle, void* pointer) +{ + if (!handle) + return; + + handle->dwUpper = (uint32*) (~((size_t) pointer)); +} + +void sspi_SecureHandleFree(SEC_HANDLE* handle) +{ + if (!handle) + return; + + xfree(handle); +} + SECURITY_FUNCTION_TABLE* sspi_GetSecurityFunctionTableByName(const char* Name) { int index; @@ -228,6 +315,18 @@ SECURITY_STATUS ExportSecurityContext(CTXT_HANDLE* phContext, uint32 fFlags, SEC SECURITY_STATUS FreeCredentialsHandle(CRED_HANDLE* phCredential) { + CREDENTIALS* credentials; + + if (!phCredential) + return SEC_E_INVALID_HANDLE; + + credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential); + + if (!credentials) + return SEC_E_INVALID_HANDLE; + + sspi_CredentialsFree(credentials); + return SEC_E_OK; } @@ -238,7 +337,23 @@ SECURITY_STATUS ImportSecurityContext(char* pszPackage, SEC_BUFFER* pPackedConte SECURITY_STATUS QueryCredentialsAttributes(CRED_HANDLE* phCredential, uint32 ulAttribute, void* pBuffer) { - return SEC_E_OK; + char* Name; + SECURITY_STATUS status; + SECURITY_FUNCTION_TABLE* table; + + Name = (char*) sspi_SecureHandleGetUpperPointer(phCredential); + + if (!Name) + return SEC_E_SECPKG_NOT_FOUND; + + table = sspi_GetSecurityFunctionTableByName(Name); + + if (!table) + return SEC_E_SECPKG_NOT_FOUND; + + status = table->QueryCredentialsAttributes(phCredential, ulAttribute, pBuffer); + + return status; } /* Context Management */ @@ -283,7 +398,25 @@ SECURITY_STATUS InitializeSecurityContext(CRED_HANDLE* phCredential, CTXT_HANDLE SEC_BUFFER_DESC* pInput, uint32 Reserved2, CTXT_HANDLE* phNewContext, SEC_BUFFER_DESC* pOutput, uint32* pfContextAttr, SEC_TIMESTAMP* ptsExpiry) { - return SEC_E_OK; + char* Name; + SECURITY_STATUS status; + SECURITY_FUNCTION_TABLE* table; + + Name = (char*) sspi_SecureHandleGetUpperPointer(phCredential); + + if (!Name) + return SEC_E_SECPKG_NOT_FOUND; + + table = sspi_GetSecurityFunctionTableByName(Name); + + if (!table) + return SEC_E_SECPKG_NOT_FOUND; + + status = table->InitializeSecurityContext(phCredential, phContext, + pszTargetName, fContextReq, Reserved1, TargetDataRep, + pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry); + + return status; } SECURITY_STATUS QueryContextAttributes(CTXT_HANDLE* phContext, uint32 ulAttribute, void* pBuffer) diff --git a/libfreerdp-auth/sspi.h b/libfreerdp-auth/sspi.h new file mode 100644 index 0000000..6ea46c5 --- /dev/null +++ b/libfreerdp-auth/sspi.h @@ -0,0 +1,43 @@ +/** + * FreeRDP: A Remote Desktop Protocol Implementation + * Security Support Provider Interface (SSPI) + * + * Copyright 2012 Marc-Andre Moreau + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FREERDP_AUTH_SSPI_PRIVATE_H +#define FREERDP_AUTH_SSPI_PRIVATE_H + +#include +#include + +struct _CREDENTIALS +{ + SEC_AUTH_IDENTITY identity; +}; +typedef struct _CREDENTIALS CREDENTIALS; + +CREDENTIALS* sspi_CredentialsNew(); +void sspi_CredentialsFree(CREDENTIALS* credentials); + +SEC_HANDLE* sspi_SecureHandleAlloc(); +void sspi_SecureHandleInvalidate(SEC_HANDLE* handle); +void* sspi_SecureHandleGetLowerPointer(SEC_HANDLE* handle); +void sspi_SecureHandleSetLowerPointer(SEC_HANDLE* handle, void* pointer); +void* sspi_SecureHandleGetUpperPointer(SEC_HANDLE* handle); +void sspi_SecureHandleSetUpperPointer(SEC_HANDLE* handle, void* pointer); +void sspi_SecureHandleFree(SEC_HANDLE* handle); + +#endif /* FREERDP_AUTH_SSPI_PRIVATE_H */ -- 2.7.4