From e0a9999fb2095b3427668627ea61a4658afdfe5c Mon Sep 17 00:00:00 2001 From: dodo040 Date: Mon, 3 Jul 2017 12:47:56 +0200 Subject: [PATCH] fix: GSS API init, enterprise name management, variable names and format code --- CMakeLists.txt | 4 +- libfreerdp/core/gateway/ntlm.c | 84 +-- libfreerdp/core/nla.h | 12 +- winpr/include/winpr/sspi.h | 239 ++++--- winpr/libwinpr/sspi/Kerberos/kerberos.c | 19 +- winpr/libwinpr/sspi/NTLM/ntlm.c | 15 +- winpr/libwinpr/sspi/Negotiate/negotiate.c | 81 ++- winpr/libwinpr/sspi/Negotiate/negotiate.h | 8 +- winpr/libwinpr/sspi/sspi.h | 56 +- winpr/libwinpr/sspi/sspi_gss.c | 784 +++++++++++++++------ winpr/libwinpr/sspi/sspi_gss.h | 3 + winpr/libwinpr/sspi/sspi_winpr.c | 1 + .../sspi/test/TestAcquireCredentialsHandle.c | 11 +- .../sspi/test/TestInitializeSecurityContext.c | 33 +- winpr/libwinpr/sspi/test/TestNTLM.c | 158 +++-- .../sspi/test/TestQuerySecurityPackageInfo.c | 6 +- 16 files changed, 972 insertions(+), 542 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 444d6a8..2abaff8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -784,9 +784,11 @@ else() if(GSS_FLAVOUR STREQUAL "MIT") message(STATUS "MIT Kerberos suppport") add_definitions("-DWITH_GSSAPI -DWITH_GSSAPI_MIT") - elseif(GSS_FLAVOUR STREQUAL "HEIMDAL") + include_directories(${_GSS_INCLUDE_DIR}) + elseif(GSS_FLAVOUR STREQUAL "Heimdal") message(STATUS "Heimdal Kerberos support") add_definitions("-DWITH_GSSAPI -DWITH_GSSAPI_HEIMDAL") + include_directories(${_GSS_INCLUDE_DIR}) else() message(STATUS "Kerberos version not detected") endif() diff --git a/libfreerdp/core/gateway/ntlm.c b/libfreerdp/core/gateway/ntlm.c index e52a0d2..ebd12d1 100644 --- a/libfreerdp/core/gateway/ntlm.c +++ b/libfreerdp/core/gateway/ntlm.c @@ -35,39 +35,36 @@ #define TAG FREERDP_TAG("core.gateway.ntlm") -BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char* password, SecPkgContext_Bindings* Bindings) +BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char* password, + SecPkgContext_Bindings* Bindings) { SECURITY_STATUS status; - ntlm->http = http; ntlm->Bindings = Bindings; - ntlm->table = InitSecurityInterfaceEx(0); if (!ntlm->table) return FALSE; sspi_SetAuthIdentity(&(ntlm->identity), user, domain, password); - - status = ntlm->table->QuerySecurityPackageInfo(NTLMSSP_NAME, &ntlm->pPackageInfo); + status = ntlm->table->QuerySecurityPackageInfo(NTLM_SSP_NAME, &ntlm->pPackageInfo); if (status != SEC_E_OK) { WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [0x%08"PRIX32"]", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); return FALSE; } ntlm->cbMaxToken = ntlm->pPackageInfo->cbMaxToken; - - status = ntlm->table->AcquireCredentialsHandle(NULL, NTLMSSP_NAME, - SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL, - &ntlm->credentials, &ntlm->expiration); + status = ntlm->table->AcquireCredentialsHandle(NULL, NTLM_SSP_NAME, + SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL, + &ntlm->credentials, &ntlm->expiration); if (status != SEC_E_OK) { WLog_ERR(TAG, "AcquireCredentialsHandle status %s [0x%08"PRIX32"]", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); return FALSE; } @@ -76,7 +73,6 @@ BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char* ZeroMemory(&ntlm->inputBuffer, sizeof(SecBuffer)); ZeroMemory(&ntlm->outputBuffer, sizeof(SecBuffer)); ZeroMemory(&ntlm->ContextSizes, sizeof(SecPkgContext_Sizes)); - ntlm->fContextReq = 0; if (ntlm->http) @@ -87,12 +83,11 @@ BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char* else { /** - * flags for RPC authentication: - * RPC_C_AUTHN_LEVEL_PKT_INTEGRITY: - * ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH | - * ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT - */ - + * flags for RPC authentication: + * RPC_C_AUTHN_LEVEL_PKT_INTEGRITY: + * ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH | + * ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT + */ ntlm->fContextReq |= ISC_REQ_USE_DCE_STYLE; ntlm->fContextReq |= ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH; ntlm->fContextReq |= ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT; @@ -106,7 +101,6 @@ BOOL ntlm_client_make_spn(rdpNtlm* ntlm, LPCTSTR ServiceClass, char* hostname) BOOL status = FALSE; DWORD SpnLength = 0; LPTSTR hostnameX = NULL; - #ifdef UNICODE ConvertToUnicode(CP_UTF8, 0, hostname, -1, (LPWSTR*) &hostnameX, 0); #else @@ -119,7 +113,6 @@ BOOL ntlm_client_make_spn(rdpNtlm* ntlm, LPCTSTR ServiceClass, char* hostname) if (!ServiceClass) { ntlm->ServicePrincipalName = (LPTSTR) _tcsdup(hostnameX); - free(hostnameX); if (!ntlm->ServicePrincipalName) @@ -136,14 +129,13 @@ BOOL ntlm_client_make_spn(rdpNtlm* ntlm, LPCTSTR ServiceClass, char* hostname) if (!ntlm->ServicePrincipalName) goto error; - if (DsMakeSpn(ServiceClass, hostnameX, NULL, 0, NULL, &SpnLength, ntlm->ServicePrincipalName) != ERROR_SUCCESS) + if (DsMakeSpn(ServiceClass, hostnameX, NULL, 0, NULL, &SpnLength, + ntlm->ServicePrincipalName) != ERROR_SUCCESS) goto error; status = TRUE; - error: free(hostnameX); - return status; } @@ -228,38 +220,38 @@ BOOL ntlm_authenticate(rdpNtlm* ntlm) } status = ntlm->table->InitializeSecurityContext(&ntlm->credentials, - (ntlm->haveContext) ? &ntlm->context : NULL, - (ntlm->ServicePrincipalName) ? ntlm->ServicePrincipalName : NULL, - ntlm->fContextReq, 0, SECURITY_NATIVE_DREP, - (ntlm->haveInputBuffer) ? &ntlm->inputBufferDesc : NULL, - 0, &ntlm->context, &ntlm->outputBufferDesc, - &ntlm->pfContextAttr, &ntlm->expiration); - + (ntlm->haveContext) ? &ntlm->context : NULL, + (ntlm->ServicePrincipalName) ? ntlm->ServicePrincipalName : NULL, + ntlm->fContextReq, 0, SECURITY_NATIVE_DREP, + (ntlm->haveInputBuffer) ? &ntlm->inputBufferDesc : NULL, + 0, &ntlm->context, &ntlm->outputBufferDesc, + &ntlm->pfContextAttr, &ntlm->expiration); WLog_VRB(TAG, "InitializeSecurityContext status %s [0x%08"PRIX32"]", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); - if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) || (status == SEC_E_OK)) + if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) || + (status == SEC_E_OK)) { if ((status != SEC_E_OK) && ntlm->table->CompleteAuthToken) { SECURITY_STATUS cStatus; - cStatus = ntlm->table->CompleteAuthToken(&ntlm->context, &ntlm->outputBufferDesc); if (cStatus != SEC_E_OK) { WLog_WARN(TAG, "CompleteAuthToken status %s [0x%08"PRIX32"]", - GetSecurityStatusString(cStatus), cStatus); + GetSecurityStatusString(cStatus), cStatus); return FALSE; } } - status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes); + status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, + &ntlm->ContextSizes); if (status != SEC_E_OK) { WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure %s [0x%08"PRIX32"]", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); return FALSE; } @@ -277,7 +269,6 @@ BOOL ntlm_authenticate(rdpNtlm* ntlm) ntlm->haveInputBuffer = TRUE; ntlm->haveContext = TRUE; - return (status == SEC_I_CONTINUE_NEEDED) ? TRUE : FALSE; } @@ -285,38 +276,40 @@ void ntlm_client_uninit(rdpNtlm* ntlm) { free(ntlm->identity.User); ntlm->identity.User = NULL; - free(ntlm->identity.Domain); ntlm->identity.Domain = NULL; - free(ntlm->identity.Password); ntlm->identity.Password = NULL; - free(ntlm->ServicePrincipalName); ntlm->ServicePrincipalName = NULL; if (ntlm->table) { SECURITY_STATUS status; - status = ntlm->table->FreeCredentialsHandle(&ntlm->credentials); + if (status != SEC_E_OK) { WLog_WARN(TAG, "FreeCredentialsHandle status %s [0x%08"PRIX32"]", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); } + status = ntlm->table->FreeContextBuffer(ntlm->pPackageInfo); + if (status != SEC_E_OK) { WLog_WARN(TAG, "FreeContextBuffer status %s [0x%08"PRIX32"]", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); } + status = ntlm->table->DeleteSecurityContext(&ntlm->context); + if (status != SEC_E_OK) { WLog_WARN(TAG, "DeleteSecurityContext status %s [0x%08"PRIX32"]", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); } + ntlm->table = NULL; } } @@ -324,9 +317,7 @@ void ntlm_client_uninit(rdpNtlm* ntlm) rdpNtlm* ntlm_new() { rdpNtlm* ntlm; - ntlm = (rdpNtlm*) calloc(1, sizeof(rdpNtlm)); - return ntlm; } @@ -342,6 +333,5 @@ void ntlm_free(rdpNtlm* ntlm) } ntlm_client_uninit(ntlm); - free(ntlm); } diff --git a/libfreerdp/core/nla.h b/libfreerdp/core/nla.h index 2f72b64..f01f51d 100644 --- a/libfreerdp/core/nla.h +++ b/libfreerdp/core/nla.h @@ -38,12 +38,12 @@ typedef struct rdp_nla rdpNla; enum _NLA_STATE { - NLA_STATE_INITIAL, - NLA_STATE_NEGO_TOKEN, - NLA_STATE_PUB_KEY_AUTH, - NLA_STATE_AUTH_INFO, - NLA_STATE_POST_NEGO, - NLA_STATE_FINAL + NLA_STATE_INITIAL, + NLA_STATE_NEGO_TOKEN, + NLA_STATE_PUB_KEY_AUTH, + NLA_STATE_AUTH_INFO, + NLA_STATE_POST_NEGO, + NLA_STATE_FINAL }; typedef enum _NLA_STATE NLA_STATE; diff --git a/winpr/include/winpr/sspi.h b/winpr/include/winpr/sspi.h index df2d502..6491dee 100644 --- a/winpr/include/winpr/sspi.h +++ b/winpr/include/winpr/sspi.h @@ -92,9 +92,9 @@ typedef SecPkgInfoW* PSecPkgInfoW; #define PSecPkgInfo PSecPkgInfoA #endif -#define NTLMSSP_NAME _T("NTLM") +#define NTLM_SSP_NAME _T("NTLM") #define KERBEROS_SSP_NAME _T("Kerberos") -#define NEGOSSP_NAME _T("Negotiate") +#define NEGO_SSP_NAME _T("Negotiate") #endif @@ -598,7 +598,7 @@ typedef struct _SEC_WINNT_AUTH_IDENTITY_W UINT16* Password; UINT32 PasswordLength; UINT32 Flags; -} SEC_WINNT_AUTH_IDENTITY_W,*PSEC_WINNT_AUTH_IDENTITY_W; +} SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W; typedef struct _SEC_WINNT_AUTH_IDENTITY_A { @@ -610,7 +610,7 @@ typedef struct _SEC_WINNT_AUTH_IDENTITY_A BYTE* Password; UINT32 PasswordLength; UINT32 Flags; -} SEC_WINNT_AUTH_IDENTITY_A,*PSEC_WINNT_AUTH_IDENTITY_A; +} SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A; struct _SEC_WINNT_AUTH_IDENTITY { @@ -645,7 +645,7 @@ typedef CtxtHandle* PCtxtHandle; #define SecIsValidHandle(x) \ ((((PSecHandle)(x))->dwLower != ((ULONG_PTR)((INT_PTR) - 1))) && \ - (((PSecHandle) (x))->dwUpper != ((ULONG_PTR)((INT_PTR) - 1)))) + (((PSecHandle) (x))->dwUpper != ((ULONG_PTR)((INT_PTR) - 1)))) #endif @@ -697,10 +697,13 @@ struct _SecBufferDesc typedef struct _SecBufferDesc SecBufferDesc; typedef SecBufferDesc* PSecBufferDesc; -typedef void (SEC_ENTRY * SEC_GET_KEY_FN)(void* Arg, void* Principal, UINT32 KeyVer, void** Key, SECURITY_STATUS* pStatus); +typedef void (SEC_ENTRY* SEC_GET_KEY_FN)(void* Arg, void* Principal, UINT32 KeyVer, void** Key, + SECURITY_STATUS* pStatus); -typedef SECURITY_STATUS (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)(ULONG* pcPackages, PSecPkgInfoA* ppPackageInfo); -typedef SECURITY_STATUS (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(ULONG* pcPackages, PSecPkgInfoW* ppPackageInfo); +typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_A)(ULONG* pcPackages, + PSecPkgInfoA* ppPackageInfo); +typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_W)(ULONG* pcPackages, + PSecPkgInfoW* ppPackageInfo); #ifdef UNICODE #define EnumerateSecurityPackages EnumerateSecurityPackagesW @@ -710,8 +713,10 @@ typedef SECURITY_STATUS (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(ULONG* pc #define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A #endif -typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer); -typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer); +typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential, + ULONG ulAttribute, void* pBuffer); +typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential, + ULONG ulAttribute, void* pBuffer); #ifdef UNICODE #define QueryCredentialsAttributes QueryCredentialsAttributesW @@ -721,12 +726,14 @@ typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHan #define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A #endif -typedef SECURITY_STATUS (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)(LPSTR pszPrincipal, LPSTR pszPackage, - ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, - void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry); -typedef SECURITY_STATUS (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(LPWSTR pszPrincipal, LPWSTR pszPackage, - ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, - void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry); +typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_A)(LPSTR pszPrincipal, + LPSTR pszPackage, + ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, + void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry); +typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_W)(LPWSTR pszPrincipal, + LPWSTR pszPackage, + ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, + void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry); #ifdef UNICODE #define AcquireCredentialsHandle AcquireCredentialsHandleW @@ -736,16 +743,18 @@ typedef SECURITY_STATUS (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(LPWSTR psz #define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A #endif -typedef SECURITY_STATUS (SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(PCredHandle phCredential); +typedef SECURITY_STATUS(SEC_ENTRY* FREE_CREDENTIALS_HANDLE_FN)(PCredHandle phCredential); -typedef SECURITY_STATUS (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)(PCredHandle phCredential, PCtxtHandle phContext, - SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, - PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, - PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry); -typedef SECURITY_STATUS (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(PCredHandle phCredential, PCtxtHandle phContext, - SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, - PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, - PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry); +typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_A)(PCredHandle phCredential, + PCtxtHandle phContext, + SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, + PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, + PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry); +typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_W)(PCredHandle phCredential, + PCtxtHandle phContext, + SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, + PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, + PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry); #ifdef UNICODE #define InitializeSecurityContext InitializeSecurityContextW @@ -755,18 +764,23 @@ typedef SECURITY_STATUS (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(PCredHand #define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A #endif -typedef SECURITY_STATUS (SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(PCredHandle phCredential, PCtxtHandle phContext, - PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, - PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp); +typedef SECURITY_STATUS(SEC_ENTRY* ACCEPT_SECURITY_CONTEXT_FN)(PCredHandle phCredential, + PCtxtHandle phContext, + PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, + PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp); -typedef SECURITY_STATUS (SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(PCtxtHandle phContext, PSecBufferDesc pToken); +typedef SECURITY_STATUS(SEC_ENTRY* COMPLETE_AUTH_TOKEN_FN)(PCtxtHandle phContext, + PSecBufferDesc pToken); -typedef SECURITY_STATUS (SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext); +typedef SECURITY_STATUS(SEC_ENTRY* DELETE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext); -typedef SECURITY_STATUS (SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(PCtxtHandle phContext, PSecBufferDesc pInput); +typedef SECURITY_STATUS(SEC_ENTRY* APPLY_CONTROL_TOKEN_FN)(PCtxtHandle phContext, + PSecBufferDesc pInput); -typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer); -typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer); +typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext, + ULONG ulAttribute, void* pBuffer); +typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext, + ULONG ulAttribute, void* pBuffer); #ifdef UNICODE #define QueryContextAttributes QueryContextAttributesW @@ -776,18 +790,22 @@ typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle #define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A #endif -typedef SECURITY_STATUS (SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext); +typedef SECURITY_STATUS(SEC_ENTRY* IMPERSONATE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext); -typedef SECURITY_STATUS (SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext); +typedef SECURITY_STATUS(SEC_ENTRY* REVERT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext); -typedef SECURITY_STATUS (SEC_ENTRY * MAKE_SIGNATURE_FN)(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo); +typedef SECURITY_STATUS(SEC_ENTRY* MAKE_SIGNATURE_FN)(PCtxtHandle phContext, ULONG fQOP, + PSecBufferDesc pMessage, ULONG MessageSeqNo); -typedef SECURITY_STATUS (SEC_ENTRY * VERIFY_SIGNATURE_FN)(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP); +typedef SECURITY_STATUS(SEC_ENTRY* VERIFY_SIGNATURE_FN)(PCtxtHandle phContext, + PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP); -typedef SECURITY_STATUS (SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)(void* pvContextBuffer); +typedef SECURITY_STATUS(SEC_ENTRY* FREE_CONTEXT_BUFFER_FN)(void* pvContextBuffer); -typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(SEC_CHAR* pszPackageName, PSecPkgInfoA* ppPackageInfo); -typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR* pszPackageName, PSecPkgInfoW* ppPackageInfo); +typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_A)(SEC_CHAR* pszPackageName, + PSecPkgInfoA* ppPackageInfo); +typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR* pszPackageName, + PSecPkgInfoW* ppPackageInfo); #ifdef UNICODE #define QuerySecurityPackageInfo QuerySecurityPackageInfoW @@ -797,10 +815,13 @@ typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR #define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A #endif -typedef SECURITY_STATUS (SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext, ULONG fFlags, PSecBuffer pPackedContext, HANDLE* pToken); +typedef SECURITY_STATUS(SEC_ENTRY* EXPORT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext, ULONG fFlags, + PSecBuffer pPackedContext, HANDLE* pToken); -typedef SECURITY_STATUS (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(SEC_CHAR* pszPackage, PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext); -typedef SECURITY_STATUS (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* pszPackage, PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext); +typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_A)(SEC_CHAR* pszPackage, + PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext); +typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* pszPackage, + PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext); #ifdef UNICODE #define ImportSecurityContext ImportSecurityContextW @@ -810,10 +831,14 @@ typedef SECURITY_STATUS (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* ps #define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A #endif -typedef SECURITY_STATUS (SEC_ENTRY * ADD_CREDENTIALS_FN_A)(PCredHandle hCredentials, SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, - UINT32 fCredentialUse, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry); -typedef SECURITY_STATUS (SEC_ENTRY * ADD_CREDENTIALS_FN_W)(PCredHandle hCredentials, SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, - UINT32 fCredentialUse, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry); +typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_A)(PCredHandle hCredentials, + SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, + UINT32 fCredentialUse, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, + PTimeStamp ptsExpiry); +typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_W)(PCredHandle hCredentials, + SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, + UINT32 fCredentialUse, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, + PTimeStamp ptsExpiry); #ifdef UNICODE #define AddCredentials AddCredentialsW @@ -823,14 +848,19 @@ typedef SECURITY_STATUS (SEC_ENTRY * ADD_CREDENTIALS_FN_W)(PCredHandle hCredenti #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A #endif -typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(PCtxtHandle phContext, HANDLE* phToken); +typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_CONTEXT_TOKEN_FN)(PCtxtHandle phContext, + HANDLE* phToken); -typedef SECURITY_STATUS (SEC_ENTRY * ENCRYPT_MESSAGE_FN)(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo); +typedef SECURITY_STATUS(SEC_ENTRY* ENCRYPT_MESSAGE_FN)(PCtxtHandle phContext, ULONG fQOP, + PSecBufferDesc pMessage, ULONG MessageSeqNo); -typedef SECURITY_STATUS (SEC_ENTRY * DECRYPT_MESSAGE_FN)(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP); +typedef SECURITY_STATUS(SEC_ENTRY* DECRYPT_MESSAGE_FN)(PCtxtHandle phContext, + PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP); -typedef SECURITY_STATUS (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer); -typedef SECURITY_STATUS (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer); +typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext, + ULONG ulAttribute, void* pBuffer, ULONG cbBuffer); +typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext, + ULONG ulAttribute, void* pBuffer, ULONG cbBuffer); #ifdef UNICODE #define SetContextAttributes SetContextAttributesW @@ -913,8 +943,8 @@ struct _SecurityFunctionTableW typedef struct _SecurityFunctionTableW SecurityFunctionTableW; typedef SecurityFunctionTableW* PSecurityFunctionTableW; -typedef PSecurityFunctionTableA (SEC_ENTRY * INIT_SECURITY_INTERFACE_A)(void); -typedef PSecurityFunctionTableW (SEC_ENTRY * INIT_SECURITY_INTERFACE_W)(void); +typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_A)(void); +typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_W)(void); #ifdef UNICODE #define InitSecurityInterface InitSecurityInterfaceW @@ -934,38 +964,50 @@ extern "C" { /* Package Management */ -WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesA(ULONG* pcPackages, PSecPkgInfoA* ppPackageInfo); -WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesW(ULONG* pcPackages, PSecPkgInfoW* ppPackageInfo); +WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesA(ULONG* pcPackages, + PSecPkgInfoA* ppPackageInfo); +WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesW(ULONG* pcPackages, + PSecPkgInfoW* ppPackageInfo); WINPR_API PSecurityFunctionTableA SEC_ENTRY InitSecurityInterfaceA(void); WINPR_API PSecurityFunctionTableW SEC_ENTRY InitSecurityInterfaceW(void); -WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName, PSecPkgInfoA* ppPackageInfo); -WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName, PSecPkgInfoW* ppPackageInfo); +WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName, + PSecPkgInfoA* ppPackageInfo); +WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName, + PSecPkgInfoW* ppPackageInfo); /* Credential Management */ -WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, - ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, - void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry); -WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleW(SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, - ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, - void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry); - -WINPR_API SECURITY_STATUS SEC_ENTRY ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags, PSecBuffer pPackedContext, HANDLE* pToken); +WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal, + SEC_CHAR* pszPackage, + ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, + void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry); +WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleW(SEC_WCHAR* pszPrincipal, + SEC_WCHAR* pszPackage, + ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, + void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry); + +WINPR_API SECURITY_STATUS SEC_ENTRY ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags, + PSecBuffer pPackedContext, HANDLE* pToken); WINPR_API SECURITY_STATUS SEC_ENTRY FreeCredentialsHandle(PCredHandle phCredential); -WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextA(SEC_CHAR* pszPackage, PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext); -WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextW(SEC_WCHAR* pszPackage, PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext); +WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextA(SEC_CHAR* pszPackage, + PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext); +WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextW(SEC_WCHAR* pszPackage, + PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext); -WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesA(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer); -WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesW(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer); +WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesA(PCredHandle phCredential, + ULONG ulAttribute, void* pBuffer); +WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesW(PCredHandle phCredential, + ULONG ulAttribute, void* pBuffer); /* Context Management */ -WINPR_API SECURITY_STATUS SEC_ENTRY AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, - PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, - PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp); +WINPR_API SECURITY_STATUS SEC_ENTRY AcceptSecurityContext(PCredHandle phCredential, + PCtxtHandle phContext, + PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, + PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp); WINPR_API SECURITY_STATUS SEC_ENTRY ApplyControlToken(PCtxtHandle phContext, PSecBufferDesc pInput); WINPR_API SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext, PSecBufferDesc pToken); @@ -973,26 +1015,35 @@ WINPR_API SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext) WINPR_API SECURITY_STATUS SEC_ENTRY FreeContextBuffer(void* pvContextBuffer); WINPR_API SECURITY_STATUS SEC_ENTRY ImpersonateSecurityContext(PCtxtHandle phContext); -WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext, - SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, - PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, - PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry); -WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextW(PCredHandle phCredential, PCtxtHandle phContext, - SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, - PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, - PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry); - -WINPR_API SECURITY_STATUS SEC_ENTRY QueryContextAttributes(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer); -WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityContextToken(PCtxtHandle phContext, HANDLE* phToken); -WINPR_API SECURITY_STATUS SEC_ENTRY SetContextAttributes(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer); +WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextA(PCredHandle phCredential, + PCtxtHandle phContext, + SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, + PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, + PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry); +WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextW(PCredHandle phCredential, + PCtxtHandle phContext, + SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, + PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, + PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry); + +WINPR_API SECURITY_STATUS SEC_ENTRY QueryContextAttributes(PCtxtHandle phContext, ULONG ulAttribute, + void* pBuffer); +WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityContextToken(PCtxtHandle phContext, + HANDLE* phToken); +WINPR_API SECURITY_STATUS SEC_ENTRY SetContextAttributes(PCtxtHandle phContext, ULONG ulAttribute, + void* pBuffer, ULONG cbBuffer); WINPR_API SECURITY_STATUS SEC_ENTRY RevertSecurityContext(PCtxtHandle phContext); /* Message Support */ -WINPR_API SECURITY_STATUS SEC_ENTRY DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP); -WINPR_API SECURITY_STATUS SEC_ENTRY EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo); -WINPR_API SECURITY_STATUS SEC_ENTRY MakeSignature(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo); -WINPR_API SECURITY_STATUS SEC_ENTRY VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP); +WINPR_API SECURITY_STATUS SEC_ENTRY DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, + ULONG MessageSeqNo, PULONG pfQOP); +WINPR_API SECURITY_STATUS SEC_ENTRY EncryptMessage(PCtxtHandle phContext, ULONG fQOP, + PSecBufferDesc pMessage, ULONG MessageSeqNo); +WINPR_API SECURITY_STATUS SEC_ENTRY MakeSignature(PCtxtHandle phContext, ULONG fQOP, + PSecBufferDesc pMessage, ULONG MessageSeqNo); +WINPR_API SECURITY_STATUS SEC_ENTRY VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, + ULONG MessageSeqNo, PULONG pfQOP); #ifdef __cplusplus } @@ -1072,8 +1123,8 @@ typedef struct _SecPkgContext_AuthNtlmMessage SecPkgContext_AuthNtlmMessage; #define SSPI_INTERFACE_WINPR 0x00000001 #define SSPI_INTERFACE_NATIVE 0x00000002 -typedef PSecurityFunctionTableA (SEC_ENTRY * INIT_SECURITY_INTERFACE_EX_A)(DWORD flags); -typedef PSecurityFunctionTableW (SEC_ENTRY * INIT_SECURITY_INTERFACE_EX_W)(DWORD flags); +typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_A)(DWORD flags); +typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_W)(DWORD flags); WINPR_API void sspi_GlobalInit(void); WINPR_API void sspi_GlobalFinish(void); @@ -1081,8 +1132,10 @@ WINPR_API void sspi_GlobalFinish(void); WINPR_API void* sspi_SecBufferAlloc(PSecBuffer SecBuffer, ULONG size); WINPR_API void sspi_SecBufferFree(PSecBuffer SecBuffer); -WINPR_API int sspi_SetAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, const char* user, const char* domain, const char* password); -WINPR_API int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, SEC_WINNT_AUTH_IDENTITY* srcIdentity); +WINPR_API int sspi_SetAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, const char* user, + const char* domain, const char* password); +WINPR_API int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, + SEC_WINNT_AUTH_IDENTITY* srcIdentity); WINPR_API const char* GetSecurityStatusString(SECURITY_STATUS status); diff --git a/winpr/libwinpr/sspi/Kerberos/kerberos.c b/winpr/libwinpr/sspi/Kerberos/kerberos.c index 194af7f..51d9e29 100644 --- a/winpr/libwinpr/sspi/Kerberos/kerberos.c +++ b/winpr/libwinpr/sspi/Kerberos/kerberos.c @@ -32,6 +32,10 @@ #include "kerberos.h" +#ifdef WITH_GSSAPI_HEIMDAL +#include +#endif + #include "../sspi.h" #include "../../log.h" #define TAG WINPR_TAG("sspi.Kerberos") @@ -285,6 +289,8 @@ int init_creds(LPCWSTR username, size_t username_len, LPCWSTR password, size_t p char* lusername = NULL; char* lrealm = NULL; char* lpassword = NULL; + int flags = 0; + char* pstr = NULL; size_t krb_name_len = 0; size_t lrealm_len = 0; size_t lusername_len = 0; @@ -341,7 +347,14 @@ int init_creds(LPCWSTR username, size_t username_len, LPCWSTR password, size_t p #ifdef WITH_DEBUG_NLA WLog_DBG(TAG, "copied string is %s\n", krb_name); #endif - ret = krb5_parse_name(ctx, krb_name, &principal); + pstr = strchr(lusername, '@'); + + if (pstr != NULL) + flags = KRB5_PRINCIPAL_PARSE_ENTERPRISE; + + /* Use the specified principal name. */ + ret = krb5_parse_name_flags(ctx, krb_name, flags, + &principal); if (ret) { @@ -439,9 +452,8 @@ SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(PCredHandle phCred context->credentials->identity.Password, context->credentials->identity.PasswordLength)) return SEC_E_NO_CREDENTIALS; - else - WLog_INFO(TAG, "Authenticated to Kerberos v5 via login/password"); + WLog_INFO(TAG, "Authenticated to Kerberos v5 via login/password"); /* retry GSSAPI call */ context->major_status = sspi_gss_init_sec_context(&(context->minor_status), context->cred, &(context->gss_ctx), context->target_name, @@ -452,6 +464,7 @@ SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(PCredHandle phCred if (SSPI_GSS_ERROR(context->major_status)) { /* We can't use Kerberos */ + WLog_ERR(TAG, "Init GSS security context failed : can't use Kerberos"); return SEC_E_INTERNAL_ERROR; } } diff --git a/winpr/libwinpr/sspi/NTLM/ntlm.c b/winpr/libwinpr/sspi/NTLM/ntlm.c index 0dadbcf..5349798 100644 --- a/winpr/libwinpr/sspi/NTLM/ntlm.c +++ b/winpr/libwinpr/sspi/NTLM/ntlm.c @@ -681,7 +681,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext) return SEC_E_OK; } -SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT *ntlm, SecBuffer *ntproof) +SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT* ntlm, SecBuffer* ntproof) { BYTE* blob; SecBuffer* target = &ntlm->ChallengeTargetInfo; @@ -689,33 +689,29 @@ SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT *ntlm, SecBuffer *ntproof) if (!sspi_SecBufferAlloc(ntproof, 36 + target->cbBuffer)) return SEC_E_INSUFFICIENT_MEMORY; - blob = (BYTE *)ntproof->pvBuffer; - + blob = (BYTE*)ntproof->pvBuffer; CopyMemory(blob, ntlm->ServerChallenge, 8); /* Server challenge. */ blob[8] = 1; /* Response version. */ blob[9] = 1; /* Highest response version understood by the client. */ /* Reserved 6B. */ - CopyMemory(&blob[16], ntlm->Timestamp, 8); /* Time. */ CopyMemory(&blob[24], ntlm->ClientChallenge, 8); /* Client challenge. */ /* Reserved 4B. */ /* Server name. */ CopyMemory(&blob[36], target->pvBuffer, target->cbBuffer); - return SEC_E_OK; - } -SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT *ntlm, SecBuffer *micvalue) +SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT* ntlm, SecBuffer* micvalue) { BYTE* blob; ULONG msgSize = ntlm->NegotiateMessage.cbBuffer + ntlm->ChallengeMessage.cbBuffer + - ntlm->AuthenticateMessage.cbBuffer; + ntlm->AuthenticateMessage.cbBuffer; if (!sspi_SecBufferAlloc(micvalue, msgSize)) return SEC_E_INSUFFICIENT_MEMORY; - blob = (BYTE *) micvalue->pvBuffer; + blob = (BYTE*) micvalue->pvBuffer; CopyMemory(blob, ntlm->NegotiateMessage.pvBuffer, ntlm->NegotiateMessage.cbBuffer); blob += ntlm->NegotiateMessage.cbBuffer; CopyMemory(blob, ntlm->ChallengeMessage.pvBuffer, ntlm->ChallengeMessage.cbBuffer); @@ -723,7 +719,6 @@ SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT *ntlm, SecBuffer *micvalue) CopyMemory(blob, ntlm->AuthenticateMessage.pvBuffer, ntlm->AuthenticateMessage.cbBuffer); blob += ntlm->MessageIntegrityCheckOffset; ZeroMemory(blob, 16); - return SEC_E_OK; } diff --git a/winpr/libwinpr/sspi/Negotiate/negotiate.c b/winpr/libwinpr/sspi/Negotiate/negotiate.c index 315e3c7..a86be7c 100644 --- a/winpr/libwinpr/sspi/Negotiate/negotiate.c +++ b/winpr/libwinpr/sspi/Negotiate/negotiate.c @@ -43,6 +43,36 @@ static BOOL ErrorInitContextKerberos = FALSE; static BOOL ErrorInitContextKerberos = TRUE; #endif +const SecPkgInfoA NEGOTIATE_SecPkgInfoA = +{ + 0x00083BB3, /* fCapabilities */ + 1, /* wVersion */ + 0x0009, /* wRPCID */ + 0x00002FE0, /* cbMaxToken */ + "Negotiate", /* Name */ + "Microsoft Package Negotiator" /* Comment */ +}; + +WCHAR NEGOTIATE_SecPkgInfoW_Name[] = { 'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'e', '\0' }; + +WCHAR NEGOTIATE_SecPkgInfoW_Comment[] = +{ + 'M', 'i', 'c', 'r', 'o', 's', 'o', 'f', 't', ' ', + 'P', 'a', 'c', 'k', 'a', 'g', 'e', ' ', + 'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'o', 'r', '\0' +}; + +const SecPkgInfoW NEGOTIATE_SecPkgInfoW = +{ + 0x00083BB3, /* fCapabilities */ + 1, /* wVersion */ + 0x0009, /* wRPCID */ + 0x00002FE0, /* cbMaxToken */ + NEGOTIATE_SecPkgInfoW_Name, /* Name */ + NEGOTIATE_SecPkgInfoW_Comment /* Comment */ +}; + + void negotiate_SetSubPackage(NEGOTIATE_CONTEXT* context, const char* name) { if (strcmp(name, KERBEROS_SSP_NAME) == 0) @@ -73,7 +103,7 @@ NEGOTIATE_CONTEXT* negotiate_ContextNew() context->NegotiateFlags = 0; context->state = NEGOTIATE_STATE_INITIAL; SecInvalidateHandle(&(context->SubContext)); - negotiate_SetSubPackage(context, KERBEROS_SSP_NAME); + negotiate_SetSubPackage(context, (const char*) KERBEROS_SSP_NAME); return context; } @@ -100,7 +130,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(PCredHandle phCre return SEC_E_INTERNAL_ERROR; sspi_SecureHandleSetLowerPointer(phNewContext, context); - sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOSSP_NAME); + sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGO_SSP_NAME); } /* if Kerberos has previously failed or WITH_GSSAPI is not defined, we use NTLM directly */ @@ -108,7 +138,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(PCredHandle phCre { if (!pInput) { - negotiate_SetSubPackage(context, KERBEROS_SSP_NAME); + negotiate_SetSubPackage(context, (const char*) KERBEROS_SSP_NAME); } status = context->sspiW->InitializeSecurityContextW(phCredential, &(context->SubContext), @@ -129,7 +159,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(PCredHandle phCre if (!pInput) { context->sspiA->DeleteSecurityContext(&(context->SubContext)); - negotiate_SetSubPackage(context, NTLMSSP_NAME); + negotiate_SetSubPackage(context, (const char*) NTLM_SSP_NAME); } status = context->sspiW->InitializeSecurityContextW(phCredential, &(context->SubContext), @@ -158,7 +188,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCre return SEC_E_INTERNAL_ERROR; sspi_SecureHandleSetLowerPointer(phNewContext, context); - sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOSSP_NAME); + sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGO_SSP_NAME); } /* if Kerberos has previously failed or WITH_GSSAPI is not defined, we use NTLM directly */ @@ -166,7 +196,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCre { if (!pInput) { - negotiate_SetSubPackage(context, KERBEROS_SSP_NAME); + negotiate_SetSubPackage(context, (const char*) KERBEROS_SSP_NAME); } status = context->sspiA->InitializeSecurityContextA(phCredential, &(context->SubContext), @@ -187,7 +217,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCre if (!pInput) { context->sspiA->DeleteSecurityContext(&(context->SubContext)); - negotiate_SetSubPackage(context, NTLMSSP_NAME); + negotiate_SetSubPackage(context, (const char*) NTLM_SSP_NAME); } status = context->sspiA->InitializeSecurityContextA(phCredential, &(context->SubContext), @@ -215,10 +245,11 @@ SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(PCredHandle phCredenti return SEC_E_INTERNAL_ERROR; sspi_SecureHandleSetLowerPointer(phNewContext, context); - sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOSSP_NAME); + sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGO_SSP_NAME); } - negotiate_SetSubPackage(context, NTLMSSP_NAME); /* server-side Kerberos not yet implemented */ + negotiate_SetSubPackage(context, + (const char*) NTLM_SSP_NAME); /* server-side Kerberos not yet implemented */ status = context->sspiA->AcceptSecurityContext(phCredential, &(context->SubContext), pInput, fContextReq, TargetDataRep, &(context->SubContext), pOutput, pfContextAttr, ptsTimeStamp); @@ -400,7 +431,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleW(SEC_WCHAR* pszPrin sspi_CopyAuthIdentity(&(credentials->identity), identity); sspi_SecureHandleSetLowerPointer(phCredential, (void*) credentials); - sspi_SecureHandleSetUpperPointer(phCredential, (void*) NEGOSSP_NAME); + sspi_SecureHandleSetUpperPointer(phCredential, (void*) NEGO_SSP_NAME); return SEC_E_OK; } @@ -433,7 +464,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleA(SEC_CHAR* pszPrinc sspi_CopyAuthIdentity(&(credentials->identity), identity); sspi_SecureHandleSetLowerPointer(phCredential, (void*) credentials); - sspi_SecureHandleSetUpperPointer(phCredential, (void*) NEGOSSP_NAME); + sspi_SecureHandleSetUpperPointer(phCredential, (void*) NEGO_SSP_NAME); return SEC_E_OK; } @@ -582,31 +613,3 @@ const SecurityFunctionTableW NEGOTIATE_SecurityFunctionTableW = negotiate_SetContextAttributesW, /* SetContextAttributes */ }; -const SecPkgInfoA NEGOTIATE_SecPkgInfoA = -{ - 0x00083BB3, /* fCapabilities */ - 1, /* wVersion */ - 0x0009, /* wRPCID */ - 0x00002FE0, /* cbMaxToken */ - "Negotiate", /* Name */ - "Microsoft Package Negotiator" /* Comment */ -}; - -WCHAR NEGOTIATE_SecPkgInfoW_Name[] = { 'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'e', '\0' }; - -WCHAR NEGOTIATE_SecPkgInfoW_Comment[] = -{ - 'M', 'i', 'c', 'r', 'o', 's', 'o', 'f', 't', ' ', - 'P', 'a', 'c', 'k', 'a', 'g', 'e', ' ', - 'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'o', 'r', '\0' -}; - -const SecPkgInfoW NEGOTIATE_SecPkgInfoW = -{ - 0x00083BB3, /* fCapabilities */ - 1, /* wVersion */ - 0x0009, /* wRPCID */ - 0x00002FE0, /* cbMaxToken */ - NEGOTIATE_SecPkgInfoW_Name, /* Name */ - NEGOTIATE_SecPkgInfoW_Comment /* Comment */ -}; diff --git a/winpr/libwinpr/sspi/Negotiate/negotiate.h b/winpr/libwinpr/sspi/Negotiate/negotiate.h index ac50e96..b4fc031 100644 --- a/winpr/libwinpr/sspi/Negotiate/negotiate.h +++ b/winpr/libwinpr/sspi/Negotiate/negotiate.h @@ -28,10 +28,10 @@ enum _NEGOTIATE_STATE { - NEGOTIATE_STATE_INITIAL, - NEGOTIATE_STATE_NEGOINIT, - NEGOTIATE_STATE_NEGORESP, - NEGOTIATE_STATE_FINAL + NEGOTIATE_STATE_INITIAL, + NEGOTIATE_STATE_NEGOINIT, + NEGOTIATE_STATE_NEGORESP, + NEGOTIATE_STATE_FINAL }; typedef enum _NEGOTIATE_STATE NEGOTIATE_STATE; diff --git a/winpr/libwinpr/sspi/sspi.h b/winpr/libwinpr/sspi/sspi.h index 2a73ad1..0c89343 100644 --- a/winpr/libwinpr/sspi/sspi.h +++ b/winpr/libwinpr/sspi/sspi.h @@ -53,34 +53,34 @@ void sspi_SecureHandleFree(SecHandle* handle); enum SecurityFunctionTableIndex { - EnumerateSecurityPackagesIndex = 1, - Reserved1Index = 2, - QueryCredentialsAttributesIndex = 3, - AcquireCredentialsHandleIndex = 4, - FreeCredentialsHandleIndex = 5, - Reserved2Index = 6, - InitializeSecurityContextIndex = 7, - AcceptSecurityContextIndex = 8, - CompleteAuthTokenIndex = 9, - DeleteSecurityContextIndex = 10, - ApplyControlTokenIndex = 11, - QueryContextAttributesIndex = 12, - ImpersonateSecurityContextIndex = 13, - RevertSecurityContextIndex = 14, - MakeSignatureIndex = 15, - VerifySignatureIndex = 16, - FreeContextBufferIndex = 17, - QuerySecurityPackageInfoIndex = 18, - Reserved3Index = 19, - Reserved4Index = 20, - ExportSecurityContextIndex = 21, - ImportSecurityContextIndex = 22, - AddCredentialsIndex = 23, - Reserved8Index = 24, - QuerySecurityContextTokenIndex = 25, - EncryptMessageIndex = 26, - DecryptMessageIndex = 27, - SetContextAttributesIndex = 28 + EnumerateSecurityPackagesIndex = 1, + Reserved1Index = 2, + QueryCredentialsAttributesIndex = 3, + AcquireCredentialsHandleIndex = 4, + FreeCredentialsHandleIndex = 5, + Reserved2Index = 6, + InitializeSecurityContextIndex = 7, + AcceptSecurityContextIndex = 8, + CompleteAuthTokenIndex = 9, + DeleteSecurityContextIndex = 10, + ApplyControlTokenIndex = 11, + QueryContextAttributesIndex = 12, + ImpersonateSecurityContextIndex = 13, + RevertSecurityContextIndex = 14, + MakeSignatureIndex = 15, + VerifySignatureIndex = 16, + FreeContextBufferIndex = 17, + QuerySecurityPackageInfoIndex = 18, + Reserved3Index = 19, + Reserved4Index = 20, + ExportSecurityContextIndex = 21, + ImportSecurityContextIndex = 22, + AddCredentialsIndex = 23, + Reserved8Index = 24, + QuerySecurityContextTokenIndex = 25, + EncryptMessageIndex = 26, + DecryptMessageIndex = 27, + SetContextAttributesIndex = 28 }; BOOL IsSecurityStatusError(SECURITY_STATUS status); diff --git a/winpr/libwinpr/sspi/sspi_gss.c b/winpr/libwinpr/sspi/sspi_gss.c index d2a5ec2..0b33462 100644 --- a/winpr/libwinpr/sspi/sspi_gss.c +++ b/winpr/libwinpr/sspi/sspi_gss.c @@ -4,6 +4,7 @@ * * Copyright 2015 ANSSI, Author Thomas Calderon * Copyright 2015 Marc-Andre Moreau + * Copyright 2017 Dorian Ducournau * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,6 +19,13 @@ * limitations under the License. */ +#include +#include + +#include "../../include/winpr/synch.h" +#include "../../include/winpr/wlog.h" +#include "../../include/winpr/wtypes.h" + #ifdef HAVE_CONFIG_H #include "config.h" #endif @@ -30,17 +38,96 @@ #include "../../log.h" #define TAG WINPR_TAG("sspi.gss") -int sspi_GssApiInit(); +static GSSAPI_FUNCTION_TABLE* g_GssApi = NULL; +static INIT_ONCE g_Initialized = INIT_ONCE_STATIC_INIT; + +#ifdef WITH_GSSAPI + +#include + +GSSAPI_FUNCTION_TABLE g_GssApiLink = +{ + (fn_sspi_gss_acquire_cred) gss_acquire_cred, /* gss_acquire_cred */ + (fn_sspi_gss_release_cred) gss_release_cred, /* gss_release_cred */ + (fn_sspi_gss_init_sec_context) gss_init_sec_context, /* gss_init_sec_context */ + (fn_sspi_gss_accept_sec_context) gss_accept_sec_context, /* gss_accept_sec_context */ + (fn_sspi_gss_process_context_token) gss_process_context_token, /* gss_process_context_token */ + (fn_sspi_gss_delete_sec_context) gss_delete_sec_context, /* gss_delete_sec_context */ + (fn_sspi_gss_context_time) gss_context_time, /* gss_context_time */ + (fn_sspi_gss_get_mic) gss_get_mic, /* gss_get_mic */ + (fn_sspi_gss_verify_mic) gss_verify_mic, /* gss_verify_mic */ + (fn_sspi_gss_wrap) gss_wrap, /* gss_wrap */ + (fn_sspi_gss_unwrap) gss_unwrap, /* gss_unwrap */ + (fn_sspi_gss_display_status) gss_display_status, /* gss_display_status */ + (fn_sspi_gss_indicate_mechs) gss_indicate_mechs, /* gss_indicate_mechs */ + (fn_sspi_gss_compare_name) gss_compare_name, /* gss_compare_name */ + (fn_sspi_gss_display_name) gss_display_name, /* gss_display_name */ + (fn_sspi_gss_import_name) gss_import_name, /* gss_import_name */ + (fn_sspi_gss_release_name) gss_release_name, /* gss_release_name */ + (fn_sspi_gss_release_buffer) gss_release_buffer, /* gss_release_buffer */ + (fn_sspi_gss_release_oid_set) gss_release_oid_set, /* gss_release_oid_set */ + (fn_sspi_gss_inquire_cred) gss_inquire_cred, /* gss_inquire_cred */ + (fn_sspi_gss_inquire_context) gss_inquire_context, /* gss_inquire_context */ + (fn_sspi_gss_wrap_size_limit) gss_wrap_size_limit, /* gss_wrap_size_limit */ +#if 0 + (fn_sspi_gss_import_name_object) gss_import_name_object, /* gss_import_name_object */ + (fn_sspi_gss_export_name_object) gss_export_name_object, /* gss_export_name_object */ +#else + (fn_sspi_gss_import_name_object) NULL, /* gss_import_name_object */ + (fn_sspi_gss_export_name_object) NULL, /* gss_export_name_object */ +#endif + (fn_sspi_gss_add_cred) gss_add_cred, /* gss_add_cred */ + (fn_sspi_gss_inquire_cred_by_mech) gss_inquire_cred_by_mech, /* gss_inquire_cred_by_mech */ + (fn_sspi_gss_export_sec_context) gss_export_sec_context, /* gss_export_sec_context */ + (fn_sspi_gss_import_sec_context) gss_import_sec_context, /* gss_import_sec_context */ + (fn_sspi_gss_release_oid) gss_release_oid, /* gss_release_oid */ + (fn_sspi_gss_create_empty_oid_set) gss_create_empty_oid_set, /* gss_create_empty_oid_set */ + (fn_sspi_gss_add_oid_set_member) gss_add_oid_set_member, /* gss_add_oid_set_member */ + (fn_sspi_gss_test_oid_set_member) gss_test_oid_set_member, /* gss_test_oid_set_member */ +#ifdef WITH_GSSAPI_MIT + (fn_sspi_gss_str_to_oid) gss_str_to_oid, /* gss_str_to_oid */ +#else + (fn_sspi_gss_str_to_oid) NULL, /* gss_str_to_oid */ +#endif + (fn_sspi_gss_oid_to_str) gss_oid_to_str, /* gss_oid_to_str */ + (fn_sspi_gss_inquire_names_for_mech) gss_inquire_names_for_mech, /* gss_inquire_names_for_mech */ + (fn_sspi_gss_inquire_mechs_for_name) gss_inquire_mechs_for_name, /* gss_inquire_mechs_for_name */ + (fn_sspi_gss_sign) gss_sign, /* gss_sign */ + (fn_sspi_gss_verify) gss_verify, /* gss_verify */ + (fn_sspi_gss_seal) gss_seal, /* gss_seal */ + (fn_sspi_gss_unseal) gss_unseal, /* gss_unseal */ + (fn_sspi_gss_export_name) gss_export_name, /* gss_export_name */ + (fn_sspi_gss_duplicate_name) gss_duplicate_name, /* gss_duplicate_name */ + (fn_sspi_gss_canonicalize_name) gss_canonicalize_name, /* gss_canonicalize_name */ + (fn_sspi_gss_pseudo_random) gss_pseudo_random, /* gss_pseudo_random */ + (fn_sspi_gss_store_cred) gss_store_cred, /* gss_store_cred */ +#ifdef WITH_GSSAPI_MIT + (fn_sspi_gss_set_neg_mechs) gss_set_neg_mechs, /* gss_set_neg_mechs */ +#else + (fn_sspi_gss_set_neg_mechs) NULL, /* gss_set_neg_mechs */ +#endif +}; + +#endif + +GSSAPI_FUNCTION_TABLE* SEC_ENTRY gssApi_InitSecurityInterface(void) +{ +#ifdef WITH_GSSAPI + return &g_GssApiLink; +#else + return NULL; +#endif +} + +static BOOL CALLBACK sspi_GssApiInit(PINIT_ONCE once, PVOID param, PVOID* context) +{ + g_GssApi = gssApi_InitSecurityInterface(); -GSSAPI_FUNCTION_TABLE g_GssApi; -static BOOL g_Initialized = FALSE; + if (!g_GssApi) + return FALSE; -#define GSSAPI_STUB_CALL(_name, ...) \ - if (!g_Initialized) \ - sspi_GssApiInit(); \ - if (!g_GssApi.gss_ ## _name) \ - return 0; \ - return g_GssApi.gss_ ## _name ( __VA_ARGS__ ) + return TRUE; +} /** * SSPI GSSAPI OIDs @@ -62,8 +149,9 @@ sspi_gss_OID SSPI_GSS_C_NT_HOSTBASED_SERVICE = &g_SSPI_GSS_C_NT_HOSTBASED_SERVIC sspi_gss_OID SSPI_GSS_C_NT_ANONYMOUS = &g_SSPI_GSS_C_NT_ANONYMOUS; sspi_gss_OID SSPI_GSS_C_NT_EXPORT_NAME = &g_SSPI_GSS_C_NT_EXPORT_NAME; + /** - * SSPI GSSAPI Wrapper Stubs + * SSPI GSSAPI */ UINT32 SSPI_GSSAPI sspi_gss_acquire_cred( @@ -76,15 +164,33 @@ UINT32 SSPI_GSSAPI sspi_gss_acquire_cred( sspi_gss_OID_set* actual_mechs, UINT32* time_rec) { - GSSAPI_STUB_CALL(acquire_cred, minor_status, desired_name, time_req, - desired_mechs, cred_usage, output_cred_handle, actual_mechs, time_rec); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_acquire_cred)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_acquire_cred(minor_status, desired_name, time_req, + desired_mechs, cred_usage, output_cred_handle, actual_mechs, time_rec); + WLog_DBG(TAG, "gss_acquire_cred: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_release_cred( UINT32* minor_status, sspi_gss_cred_id_t* cred_handle) { - GSSAPI_STUB_CALL(release_cred, minor_status, cred_handle); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_release_cred)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_release_cred(minor_status, cred_handle); + WLog_DBG(TAG, "gss_release_cred: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_init_sec_context( @@ -102,9 +208,18 @@ UINT32 SSPI_GSSAPI sspi_gss_init_sec_context( UINT32* ret_flags, UINT32* time_rec) { - GSSAPI_STUB_CALL(init_sec_context, minor_status, claimant_cred_handle, context_handle, - target_name, mech_type, req_flags, time_req, input_chan_bindings, - input_token, actual_mech_type, output_token, ret_flags, time_rec); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_init_sec_context)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_init_sec_context(minor_status, claimant_cred_handle, context_handle, + target_name, mech_type, req_flags, time_req, input_chan_bindings, + input_token, actual_mech_type, output_token, ret_flags, time_rec); + WLog_DBG(TAG, "gss_init_sec_context: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_accept_sec_context( @@ -120,9 +235,18 @@ UINT32 SSPI_GSSAPI sspi_gss_accept_sec_context( UINT32* time_rec, sspi_gss_cred_id_t* delegated_cred_handle) { - GSSAPI_STUB_CALL(accept_sec_context, minor_status, context_handle, acceptor_cred_handle, - input_token_buffer, input_chan_bindings, src_name, mech_type, output_token, - ret_flags, time_rec, delegated_cred_handle); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_accept_sec_context)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_accept_sec_context(minor_status, context_handle, acceptor_cred_handle, + input_token_buffer, input_chan_bindings, src_name, mech_type, output_token, + ret_flags, time_rec, delegated_cred_handle); + WLog_DBG(TAG, "gss_accept_sec_context: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_process_context_token( @@ -130,7 +254,16 @@ UINT32 SSPI_GSSAPI sspi_gss_process_context_token( sspi_gss_ctx_id_t context_handle, sspi_gss_buffer_t token_buffer) { - GSSAPI_STUB_CALL(process_context_token, minor_status, context_handle, token_buffer); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_process_context_token)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_process_context_token(minor_status, context_handle, token_buffer); + WLog_DBG(TAG, "gss_process_context_token: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_delete_sec_context( @@ -138,7 +271,16 @@ UINT32 SSPI_GSSAPI sspi_gss_delete_sec_context( sspi_gss_ctx_id_t* context_handle, sspi_gss_buffer_t output_token) { - GSSAPI_STUB_CALL(delete_sec_context, minor_status, context_handle, output_token); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_delete_sec_context)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_delete_sec_context(minor_status, context_handle, output_token); + WLog_DBG(TAG, "gss_delete_sec_context: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_context_time( @@ -146,7 +288,16 @@ UINT32 SSPI_GSSAPI sspi_gss_context_time( sspi_gss_ctx_id_t context_handle, UINT32* time_rec) { - GSSAPI_STUB_CALL(context_time, minor_status, context_handle, time_rec); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_context_time)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_context_time(minor_status, context_handle, time_rec); + WLog_DBG(TAG, "gss_context_time: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_get_mic( @@ -156,7 +307,17 @@ UINT32 SSPI_GSSAPI sspi_gss_get_mic( sspi_gss_buffer_t message_buffer, sspi_gss_buffer_t message_token) { - GSSAPI_STUB_CALL(get_mic, minor_status, context_handle, qop_req, message_buffer, message_token); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_get_mic)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_get_mic(minor_status, context_handle, qop_req, message_buffer, + message_token); + WLog_DBG(TAG, "gss_get_mic: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_verify_mic( @@ -166,8 +327,17 @@ UINT32 SSPI_GSSAPI sspi_gss_verify_mic( sspi_gss_buffer_t message_token, sspi_gss_qop_t* qop_state) { - GSSAPI_STUB_CALL(verify_mic, minor_status, context_handle, message_buffer, message_token, - qop_state); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_verify_mic)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_verify_mic(minor_status, context_handle, message_buffer, message_token, + qop_state); + WLog_DBG(TAG, "gss_verify_mic: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_wrap( @@ -179,8 +349,17 @@ UINT32 SSPI_GSSAPI sspi_gss_wrap( int* conf_state, sspi_gss_buffer_t output_message_buffer) { - GSSAPI_STUB_CALL(wrap, minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, output_message_buffer); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_wrap)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_wrap(minor_status, context_handle, conf_req_flag, + qop_req, input_message_buffer, conf_state, output_message_buffer); + WLog_DBG(TAG, "gss_acquire_cred: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_unwrap( @@ -191,8 +370,17 @@ UINT32 SSPI_GSSAPI sspi_gss_unwrap( int* conf_state, sspi_gss_qop_t* qop_state) { - GSSAPI_STUB_CALL(unwrap, minor_status, context_handle, input_message_buffer, - output_message_buffer, conf_state, qop_state); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_unwrap)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_unwrap(minor_status, context_handle, input_message_buffer, + output_message_buffer, conf_state, qop_state); + WLog_DBG(TAG, "gss_unwrap: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_display_status( @@ -203,15 +391,33 @@ UINT32 SSPI_GSSAPI sspi_gss_display_status( UINT32* message_context, sspi_gss_buffer_t status_string) { - GSSAPI_STUB_CALL(display_status, minor_status, status_value, status_type, - mech_type, message_context, status_string); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_display_status)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_display_status(minor_status, status_value, status_type, + mech_type, message_context, status_string); + WLog_DBG(TAG, "gss_display_status: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_indicate_mechs( UINT32* minor_status, sspi_gss_OID_set* mech_set) { - GSSAPI_STUB_CALL(indicate_mechs, minor_status, mech_set); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_indicate_mechs)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_indicate_mechs(minor_status, mech_set); + WLog_DBG(TAG, "gss_indicate_mechs: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_compare_name( @@ -220,7 +426,16 @@ UINT32 SSPI_GSSAPI sspi_gss_compare_name( sspi_gss_name_t name2, int* name_equal) { - GSSAPI_STUB_CALL(compare_name, minor_status, name1, name2, name_equal); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_compare_name)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_compare_name(minor_status, name1, name2, name_equal); + WLog_DBG(TAG, "gss_compare_name: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_display_name( @@ -229,7 +444,16 @@ UINT32 SSPI_GSSAPI sspi_gss_display_name( sspi_gss_buffer_t output_name_buffer, sspi_gss_OID* output_name_type) { - GSSAPI_STUB_CALL(display_name, minor_status, input_name, output_name_buffer, output_name_type); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_display_name)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_display_name(minor_status, input_name, output_name_buffer, output_name_type); + WLog_DBG(TAG, "gss_display_name: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_import_name( @@ -238,28 +462,64 @@ UINT32 SSPI_GSSAPI sspi_gss_import_name( sspi_gss_OID input_name_type, sspi_gss_name_t* output_name) { - GSSAPI_STUB_CALL(import_name, minor_status, input_name_buffer, input_name_type, output_name); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_import_name)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_import_name(minor_status, input_name_buffer, input_name_type, output_name); + WLog_DBG(TAG, "gss_import_name: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_release_name( UINT32* minor_status, sspi_gss_name_t* input_name) { - GSSAPI_STUB_CALL(release_name, minor_status, input_name); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_release_name)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_release_name(minor_status, input_name); + WLog_DBG(TAG, "gss_release_name: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_release_buffer( UINT32* minor_status, sspi_gss_buffer_t buffer) { - GSSAPI_STUB_CALL(release_buffer, minor_status, buffer); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_release_buffer)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_release_buffer(minor_status, buffer); + WLog_DBG(TAG, "gss_release_buffer: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_release_oid_set( UINT32* minor_status, sspi_gss_OID_set* set) { - GSSAPI_STUB_CALL(release_oid_set, minor_status, set); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_release_oid_set)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_release_oid_set(minor_status, set); + WLog_DBG(TAG, "gss_release_oid_set: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_inquire_cred( @@ -270,7 +530,17 @@ UINT32 SSPI_GSSAPI sspi_gss_inquire_cred( sspi_gss_cred_usage_t* cred_usage, sspi_gss_OID_set* mechanisms) { - GSSAPI_STUB_CALL(inquire_cred, minor_status, cred_handle, name, lifetime, cred_usage, mechanisms); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_inquire_cred)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_inquire_cred(minor_status, cred_handle, name, lifetime, cred_usage, + mechanisms); + WLog_DBG(TAG, "gss_inquire_cred: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_inquire_context( @@ -284,8 +554,17 @@ UINT32 SSPI_GSSAPI sspi_gss_inquire_context( int* locally_initiated, int* open) { - GSSAPI_STUB_CALL(inquire_context, minor_status, context_handle, src_name, targ_name, - lifetime_rec, mech_type, ctx_flags, locally_initiated, open); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_inquire_context)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_inquire_context(minor_status, context_handle, src_name, targ_name, + lifetime_rec, mech_type, ctx_flags, locally_initiated, open); + WLog_DBG(TAG, "gss_inquire_context: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_wrap_size_limit( @@ -296,8 +575,17 @@ UINT32 SSPI_GSSAPI sspi_gss_wrap_size_limit( UINT32 req_output_size, UINT32* max_input_size) { - GSSAPI_STUB_CALL(wrap_size_limit, minor_status, context_handle, - conf_req_flag, qop_req, req_output_size, max_input_size); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_wrap_size_limit)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_wrap_size_limit(minor_status, context_handle, + conf_req_flag, qop_req, req_output_size, max_input_size); + WLog_DBG(TAG, "gss_wrap_size_limit: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_import_name_object( @@ -306,7 +594,16 @@ UINT32 SSPI_GSSAPI sspi_gss_import_name_object( sspi_gss_OID input_name_type, sspi_gss_name_t* output_name) { - GSSAPI_STUB_CALL(import_name_object, minor_status, input_name, input_name_type, output_name); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_import_name_object)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_import_name_object(minor_status, input_name, input_name_type, output_name); + WLog_DBG(TAG, "gss_import_name_object: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_export_name_object( @@ -315,7 +612,16 @@ UINT32 SSPI_GSSAPI sspi_gss_export_name_object( sspi_gss_OID desired_name_type, void** output_name) { - GSSAPI_STUB_CALL(export_name_object, minor_status, input_name, desired_name_type, output_name); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_export_name_object)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_export_name_object(minor_status, input_name, desired_name_type, output_name); + WLog_DBG(TAG, "gss_export_name_object: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_add_cred( @@ -331,9 +637,19 @@ UINT32 SSPI_GSSAPI sspi_gss_add_cred( UINT32* initiator_time_rec, UINT32* acceptor_time_rec) { - GSSAPI_STUB_CALL(add_cred, minor_status, input_cred_handle, desired_name, desired_mech, cred_usage, - initiator_time_req, acceptor_time_req, output_cred_handle, actual_mechs, initiator_time_rec, - acceptor_time_rec); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_add_cred)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_add_cred(minor_status, input_cred_handle, desired_name, desired_mech, + cred_usage, + initiator_time_req, acceptor_time_req, output_cred_handle, actual_mechs, initiator_time_rec, + acceptor_time_rec); + WLog_DBG(TAG, "gss_add_cred: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_inquire_cred_by_mech( @@ -345,8 +661,17 @@ UINT32 SSPI_GSSAPI sspi_gss_inquire_cred_by_mech( UINT32* acceptor_lifetime, sspi_gss_cred_usage_t* cred_usage) { - GSSAPI_STUB_CALL(inquire_cred_by_mech, minor_status, cred_handle, mech_type, name, - initiator_lifetime, acceptor_lifetime, cred_usage); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_inquire_cred_by_mech)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name, + initiator_lifetime, acceptor_lifetime, cred_usage); + WLog_DBG(TAG, "gss_inquire_cred_by_mech: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_export_sec_context( @@ -354,7 +679,16 @@ UINT32 SSPI_GSSAPI sspi_gss_export_sec_context( sspi_gss_ctx_id_t* context_handle, sspi_gss_buffer_t interprocess_token) { - GSSAPI_STUB_CALL(export_sec_context, minor_status, context_handle, interprocess_token); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_export_sec_context)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_export_sec_context(minor_status, context_handle, interprocess_token); + WLog_DBG(TAG, "gss_export_sec_context: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_import_sec_context( @@ -362,21 +696,48 @@ UINT32 SSPI_GSSAPI sspi_gss_import_sec_context( sspi_gss_buffer_t interprocess_token, sspi_gss_ctx_id_t* context_handle) { - GSSAPI_STUB_CALL(import_sec_context, minor_status, interprocess_token, context_handle); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_import_sec_context)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_import_sec_context(minor_status, interprocess_token, context_handle); + WLog_DBG(TAG, "gss_import_sec_context: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_release_oid( UINT32* minor_status, sspi_gss_OID* oid) { - GSSAPI_STUB_CALL(release_oid, minor_status, oid); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_release_oid)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_release_oid(minor_status, oid); + WLog_DBG(TAG, "gss_release_oid: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_create_empty_oid_set( UINT32* minor_status, sspi_gss_OID_set* oid_set) { - GSSAPI_STUB_CALL(create_empty_oid_set, minor_status, oid_set); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_create_empty_oid_set)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_create_empty_oid_set(minor_status, oid_set); + WLog_DBG(TAG, "gss_create_empty_oid_set: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_add_oid_set_member( @@ -384,7 +745,16 @@ UINT32 SSPI_GSSAPI sspi_gss_add_oid_set_member( sspi_gss_OID member_oid, sspi_gss_OID_set* oid_set) { - GSSAPI_STUB_CALL(add_oid_set_member, minor_status, member_oid, oid_set); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_add_oid_set_member)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_add_oid_set_member(minor_status, member_oid, oid_set); + WLog_DBG(TAG, "gss_add_oid_set_member: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_test_oid_set_member( @@ -393,7 +763,16 @@ UINT32 SSPI_GSSAPI sspi_gss_test_oid_set_member( sspi_gss_OID_set set, int* present) { - GSSAPI_STUB_CALL(test_oid_set_member, minor_status, member, set, present); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_test_oid_set_member)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_test_oid_set_member(minor_status, member, set, present); + WLog_DBG(TAG, "gss_test_oid_set_member: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_str_to_oid( @@ -401,7 +780,16 @@ UINT32 SSPI_GSSAPI sspi_gss_str_to_oid( sspi_gss_buffer_t oid_str, sspi_gss_OID* oid) { - GSSAPI_STUB_CALL(str_to_oid, minor_status, oid_str, oid); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_str_to_oid)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_str_to_oid(minor_status, oid_str, oid); + WLog_DBG(TAG, "gss_str_to_oid: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_oid_to_str( @@ -409,7 +797,16 @@ UINT32 SSPI_GSSAPI sspi_gss_oid_to_str( sspi_gss_OID oid, sspi_gss_buffer_t oid_str) { - GSSAPI_STUB_CALL(oid_to_str, minor_status, oid, oid_str); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_oid_to_str)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_oid_to_str(minor_status, oid, oid_str); + WLog_DBG(TAG, "gss_oid_to_str: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_inquire_names_for_mech( @@ -417,7 +814,16 @@ UINT32 SSPI_GSSAPI sspi_gss_inquire_names_for_mech( sspi_gss_OID mechanism, sspi_gss_OID_set* name_types) { - GSSAPI_STUB_CALL(inquire_names_for_mech, minor_status, mechanism, name_types); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_inquire_names_for_mech)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_inquire_names_for_mech(minor_status, mechanism, name_types); + WLog_DBG(TAG, "gss_inquire_names_for_mech: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_inquire_mechs_for_name( @@ -425,7 +831,16 @@ UINT32 SSPI_GSSAPI sspi_gss_inquire_mechs_for_name( const sspi_gss_name_t input_name, sspi_gss_OID_set* mech_types) { - GSSAPI_STUB_CALL(inquire_mechs_for_name, minor_status, input_name, mech_types); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_inquire_mechs_for_name)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_inquire_mechs_for_name(minor_status, input_name, mech_types); + WLog_DBG(TAG, "gss_inquire_mechs_for_name: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_sign( @@ -435,7 +850,16 @@ UINT32 SSPI_GSSAPI sspi_gss_sign( sspi_gss_buffer_t message_buffer, sspi_gss_buffer_t message_token) { - GSSAPI_STUB_CALL(sign, minor_status, context_handle, qop_req, message_buffer, message_token); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_sign)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_sign(minor_status, context_handle, qop_req, message_buffer, message_token); + WLog_DBG(TAG, "gss_sign: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_verify( @@ -445,7 +869,17 @@ UINT32 SSPI_GSSAPI sspi_gss_verify( sspi_gss_buffer_t token_buffer, int* qop_state) { - GSSAPI_STUB_CALL(verify, minor_status, context_handle, message_buffer, token_buffer, qop_state); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_verify)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_verify(minor_status, context_handle, message_buffer, token_buffer, + qop_state); + WLog_DBG(TAG, "gss_verify: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_seal( @@ -457,8 +891,17 @@ UINT32 SSPI_GSSAPI sspi_gss_seal( int* conf_state, sspi_gss_buffer_t output_message_buffer) { - GSSAPI_STUB_CALL(seal, minor_status, context_handle, conf_req_flag, qop_req, - input_message_buffer, conf_state, output_message_buffer); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_seal)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_seal(minor_status, context_handle, conf_req_flag, qop_req, + input_message_buffer, conf_state, output_message_buffer); + WLog_DBG(TAG, "gss_seal: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_unseal( @@ -469,8 +912,18 @@ UINT32 SSPI_GSSAPI sspi_gss_unseal( int* conf_state, int* qop_state) { - GSSAPI_STUB_CALL(unseal, minor_status, context_handle, input_message_buffer, output_message_buffer, - conf_state, qop_state); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_unseal)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_unseal(minor_status, context_handle, input_message_buffer, + output_message_buffer, + conf_state, qop_state); + WLog_DBG(TAG, "gss_unseal: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_export_name( @@ -478,7 +931,16 @@ UINT32 SSPI_GSSAPI sspi_gss_export_name( const sspi_gss_name_t input_name, sspi_gss_buffer_t exported_name) { - GSSAPI_STUB_CALL(export_name, minor_status, input_name, exported_name); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_export_name)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_export_name(minor_status, input_name, exported_name); + WLog_DBG(TAG, "gss_export_name: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_duplicate_name( @@ -486,7 +948,16 @@ UINT32 SSPI_GSSAPI sspi_gss_duplicate_name( const sspi_gss_name_t input_name, sspi_gss_name_t* dest_name) { - GSSAPI_STUB_CALL(duplicate_name, minor_status, input_name, dest_name); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_duplicate_name)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_duplicate_name(minor_status, input_name, dest_name); + WLog_DBG(TAG, "gss_duplicate_name: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_canonicalize_name( @@ -495,7 +966,16 @@ UINT32 SSPI_GSSAPI sspi_gss_canonicalize_name( const sspi_gss_OID mech_type, sspi_gss_name_t* output_name) { - GSSAPI_STUB_CALL(canonicalize_name, minor_status, input_name, mech_type, output_name); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_canonicalize_name)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_canonicalize_name(minor_status, input_name, mech_type, output_name); + WLog_DBG(TAG, "gss_canonicalize_name: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_pseudo_random( @@ -506,8 +986,17 @@ UINT32 SSPI_GSSAPI sspi_gss_pseudo_random( ssize_t desired_output_len, sspi_gss_buffer_t prf_out) { - GSSAPI_STUB_CALL(pseudo_random, minor_status, context, prf_key, prf_in, desired_output_len, - prf_out); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_pseudo_random)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_pseudo_random(minor_status, context, prf_key, prf_in, desired_output_len, + prf_out); + WLog_DBG(TAG, "gss_pseudo_random: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_store_cred( @@ -520,8 +1009,17 @@ UINT32 SSPI_GSSAPI sspi_gss_store_cred( sspi_gss_OID_set* elements_stored, sspi_gss_cred_usage_t* cred_usage_stored) { - GSSAPI_STUB_CALL(store_cred, minor_status, input_cred_handle, input_usage, desired_mech, - overwrite_cred, default_cred, elements_stored, cred_usage_stored); + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); + + if (!(g_GssApi && g_GssApi->gss_store_cred)) + return SEC_E_UNSUPPORTED_FUNCTION; + + status = g_GssApi->gss_store_cred(minor_status, input_cred_handle, input_usage, desired_mech, + overwrite_cred, default_cred, elements_stored, cred_usage_stored); + WLog_DBG(TAG, "gss_store_cred: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } UINT32 SSPI_GSSAPI sspi_gss_set_neg_mechs( @@ -529,138 +1027,14 @@ UINT32 SSPI_GSSAPI sspi_gss_set_neg_mechs( sspi_gss_cred_id_t cred_handle, const sspi_gss_OID_set mech_set) { - GSSAPI_STUB_CALL(set_neg_mechs, minor_status, cred_handle, mech_set); -} - -#ifdef WITH_GSSAPI + SECURITY_STATUS status; + InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL); -#include + if (!(g_GssApi && g_GssApi->gss_set_neg_mechs)) + return SEC_E_UNSUPPORTED_FUNCTION; -GSSAPI_FUNCTION_TABLE g_GssApiLink = -{ - (fn_sspi_gss_acquire_cred) gss_acquire_cred, /* gss_acquire_cred */ - (fn_sspi_gss_release_cred) gss_release_cred, /* gss_release_cred */ - (fn_sspi_gss_init_sec_context) gss_init_sec_context, /* gss_init_sec_context */ - (fn_sspi_gss_accept_sec_context) gss_accept_sec_context, /* gss_accept_sec_context */ - (fn_sspi_gss_process_context_token) gss_process_context_token, /* gss_process_context_token */ - (fn_sspi_gss_delete_sec_context) gss_delete_sec_context, /* gss_delete_sec_context */ - (fn_sspi_gss_context_time) gss_context_time, /* gss_context_time */ - (fn_sspi_gss_get_mic) gss_get_mic, /* gss_get_mic */ - (fn_sspi_gss_verify_mic) gss_verify_mic, /* gss_verify_mic */ - (fn_sspi_gss_wrap) gss_wrap, /* gss_wrap */ - (fn_sspi_gss_unwrap) gss_unwrap, /* gss_unwrap */ - (fn_sspi_gss_display_status) gss_display_status, /* gss_display_status */ - (fn_sspi_gss_indicate_mechs) gss_indicate_mechs, /* gss_indicate_mechs */ - (fn_sspi_gss_compare_name) gss_compare_name, /* gss_compare_name */ - (fn_sspi_gss_display_name) gss_display_name, /* gss_display_name */ - (fn_sspi_gss_import_name) gss_import_name, /* gss_import_name */ - (fn_sspi_gss_release_name) gss_release_name, /* gss_release_name */ - (fn_sspi_gss_release_buffer) gss_release_buffer, /* gss_release_buffer */ - (fn_sspi_gss_release_oid_set) gss_release_oid_set, /* gss_release_oid_set */ - (fn_sspi_gss_inquire_cred) gss_inquire_cred, /* gss_inquire_cred */ - (fn_sspi_gss_inquire_context) gss_inquire_context, /* gss_inquire_context */ - (fn_sspi_gss_wrap_size_limit) gss_wrap_size_limit, /* gss_wrap_size_limit */ -#if 0 - (fn_sspi_gss_import_name_object) gss_import_name_object, /* gss_import_name_object */ - (fn_sspi_gss_export_name_object) gss_export_name_object, /* gss_export_name_object */ -#else - (fn_sspi_gss_import_name_object) NULL, /* gss_import_name_object */ - (fn_sspi_gss_export_name_object) NULL, /* gss_export_name_object */ -#endif - (fn_sspi_gss_add_cred) gss_add_cred, /* gss_add_cred */ - (fn_sspi_gss_inquire_cred_by_mech) gss_inquire_cred_by_mech, /* gss_inquire_cred_by_mech */ - (fn_sspi_gss_export_sec_context) gss_export_sec_context, /* gss_export_sec_context */ - (fn_sspi_gss_import_sec_context) gss_import_sec_context, /* gss_import_sec_context */ - (fn_sspi_gss_release_oid) gss_release_oid, /* gss_release_oid */ - (fn_sspi_gss_create_empty_oid_set) gss_create_empty_oid_set, /* gss_create_empty_oid_set */ - (fn_sspi_gss_add_oid_set_member) gss_add_oid_set_member, /* gss_add_oid_set_member */ - (fn_sspi_gss_test_oid_set_member) gss_test_oid_set_member, /* gss_test_oid_set_member */ -#ifdef WITH_GSSAPI_MIT - (fn_sspi_gss_str_to_oid) gss_str_to_oid, /* gss_str_to_oid */ -#else - (fn_sspi_gss_str_to_oid) NULL, /* gss_str_to_oid */ -#endif - (fn_sspi_gss_oid_to_str) gss_oid_to_str, /* gss_oid_to_str */ - (fn_sspi_gss_inquire_names_for_mech) gss_inquire_names_for_mech, /* gss_inquire_names_for_mech */ - (fn_sspi_gss_inquire_mechs_for_name) gss_inquire_mechs_for_name, /* gss_inquire_mechs_for_name */ - (fn_sspi_gss_sign) gss_sign, /* gss_sign */ - (fn_sspi_gss_verify) gss_verify, /* gss_verify */ - (fn_sspi_gss_seal) gss_seal, /* gss_seal */ - (fn_sspi_gss_unseal) gss_unseal, /* gss_unseal */ - (fn_sspi_gss_export_name) gss_export_name, /* gss_export_name */ - (fn_sspi_gss_duplicate_name) gss_duplicate_name, /* gss_duplicate_name */ - (fn_sspi_gss_canonicalize_name) gss_canonicalize_name, /* gss_canonicalize_name */ - (fn_sspi_gss_pseudo_random) gss_pseudo_random, /* gss_pseudo_random */ - (fn_sspi_gss_store_cred) gss_store_cred, /* gss_store_cred */ -#ifdef WITH_GSSAPI_MIT - (fn_sspi_gss_set_neg_mechs) gss_set_neg_mechs, /* gss_set_neg_mechs */ -#else - (fn_sspi_gss_set_neg_mechs) NULL, /* gss_set_neg_mechs */ -#endif -}; - -#endif - -GSSAPI_FUNCTION_TABLE g_GssApi = -{ - NULL, /* gss_acquire_cred */ - NULL, /* gss_release_cred */ - NULL, /* gss_init_sec_context */ - NULL, /* gss_accept_sec_context */ - NULL, /* gss_process_context_token */ - NULL, /* gss_delete_sec_context */ - NULL, /* gss_context_time */ - NULL, /* gss_get_mic */ - NULL, /* gss_verify_mic */ - NULL, /* gss_wrap */ - NULL, /* gss_unwrap */ - NULL, /* gss_display_status */ - NULL, /* gss_indicate_mechs */ - NULL, /* gss_compare_name */ - NULL, /* gss_display_name */ - NULL, /* gss_import_name */ - NULL, /* gss_release_name */ - NULL, /* gss_release_buffer */ - NULL, /* gss_release_oid_set */ - NULL, /* gss_inquire_cred */ - NULL, /* gss_inquire_context */ - NULL, /* gss_wrap_size_limit */ - NULL, /* gss_import_name_object */ - NULL, /* gss_export_name_object */ - NULL, /* gss_add_cred */ - NULL, /* gss_inquire_cred_by_mech */ - NULL, /* gss_export_sec_context */ - NULL, /* gss_import_sec_context */ - NULL, /* gss_release_oid */ - NULL, /* gss_create_empty_oid_set */ - NULL, /* gss_add_oid_set_member */ - NULL, /* gss_test_oid_set_member */ - NULL, /* gss_str_to_oid */ - NULL, /* gss_oid_to_str */ - NULL, /* gss_inquire_names_for_mech */ - NULL, /* gss_inquire_mechs_for_name */ - NULL, /* gss_sign */ - NULL, /* gss_verify */ - NULL, /* gss_seal */ - NULL, /* gss_unseal */ - NULL, /* gss_export_name */ - NULL, /* gss_duplicate_name */ - NULL, /* gss_canonicalize_name */ - NULL, /* gss_pseudo_random */ - NULL, /* gss_store_cred */ - NULL, /* gss_set_neg_mechs */ -}; - -int sspi_GssApiInit() -{ - if (g_Initialized) - return 1; - - g_Initialized = TRUE; -#ifdef WITH_GSSAPI - CopyMemory(&g_GssApi, &g_GssApiLink, sizeof(GSSAPI_FUNCTION_TABLE)); - return 1; -#else - return -1; -#endif + status = g_GssApi->gss_set_neg_mechs(minor_status, cred_handle, mech_set); + WLog_DBG(TAG, "gss_set_neg_mechs: %s (0x%08"PRIX32")", + GetSecurityStatusString(status), status); + return status; } diff --git a/winpr/libwinpr/sspi/sspi_gss.h b/winpr/libwinpr/sspi/sspi_gss.h index 4ad9988..ad4f219 100644 --- a/winpr/libwinpr/sspi/sspi_gss.h +++ b/winpr/libwinpr/sspi/sspi_gss.h @@ -4,6 +4,7 @@ * * Copyright 2015 ANSSI, Author Thomas Calderon * Copyright 2015 Marc-Andre Moreau + * Copyright 2017 Dorian Ducournau * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -870,6 +871,8 @@ struct _GSSAPI_FUNCTION_TABLE }; typedef struct _GSSAPI_FUNCTION_TABLE GSSAPI_FUNCTION_TABLE; +GSSAPI_FUNCTION_TABLE* SEC_ENTRY gssApi_InitSecurityInterface(void); + #ifdef __cplusplus extern "C" { #endif diff --git a/winpr/libwinpr/sspi/sspi_winpr.c b/winpr/libwinpr/sspi/sspi_winpr.c index cff5178..a8b1d6a 100644 --- a/winpr/libwinpr/sspi/sspi_winpr.c +++ b/winpr/libwinpr/sspi/sspi_winpr.c @@ -275,6 +275,7 @@ void sspi_SecBufferFree(PSecBuffer SecBuffer) if (SecBuffer->pvBuffer) memset(SecBuffer->pvBuffer, 0, SecBuffer->cbBuffer); + free(SecBuffer->pvBuffer); SecBuffer->pvBuffer = NULL; SecBuffer->cbBuffer = 0; diff --git a/winpr/libwinpr/sspi/test/TestAcquireCredentialsHandle.c b/winpr/libwinpr/sspi/test/TestAcquireCredentialsHandle.c index 7c4eda7..1a99e52 100644 --- a/winpr/libwinpr/sspi/test/TestAcquireCredentialsHandle.c +++ b/winpr/libwinpr/sspi/test/TestAcquireCredentialsHandle.c @@ -16,14 +16,12 @@ int TestAcquireCredentialsHandle(int argc, char* argv[]) SEC_WINNT_AUTH_IDENTITY identity; SecurityFunctionTable* table; SecPkgCredentials_Names credential_names; - sspi_GlobalInit(); - table = InitSecurityInterface(); - identity.User = (UINT16*) _strdup(test_User); identity.Domain = (UINT16*) _strdup(test_Domain); identity.Password = (UINT16*) _strdup(test_Password); + if (!identity.User || !identity.Domain || !identity.Password) { free(identity.User); @@ -32,13 +30,13 @@ int TestAcquireCredentialsHandle(int argc, char* argv[]) fprintf(stderr, "Memory allocation failed\n"); return -1; } + identity.UserLength = strlen(test_User); identity.DomainLength = strlen(test_Domain); identity.PasswordLength = strlen(test_Password); identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; - - status = table->AcquireCredentialsHandle(NULL, NTLMSSP_NAME, - SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration); + status = table->AcquireCredentialsHandle(NULL, NTLM_SSP_NAME, + SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration); if (status != SEC_E_OK) { @@ -55,7 +53,6 @@ int TestAcquireCredentialsHandle(int argc, char* argv[]) } sspi_GlobalFinish(); - return 0; } diff --git a/winpr/libwinpr/sspi/test/TestInitializeSecurityContext.c b/winpr/libwinpr/sspi/test/TestInitializeSecurityContext.c index ac91a25..f618736 100644 --- a/winpr/libwinpr/sspi/test/TestInitializeSecurityContext.c +++ b/winpr/libwinpr/sspi/test/TestInitializeSecurityContext.c @@ -24,12 +24,9 @@ int TestInitializeSecurityContext(int argc, char* argv[]) PSecBuffer p_SecBuffer; SecBuffer output_SecBuffer; SecBufferDesc output_SecBuffer_desc; - sspi_GlobalInit(); - table = InitSecurityInterface(); - - status = QuerySecurityPackageInfo(NTLMSSP_NAME, &pPackageInfo); + status = QuerySecurityPackageInfo(NTLM_SSP_NAME, &pPackageInfo); if (status != SEC_E_OK) { @@ -38,10 +35,10 @@ int TestInitializeSecurityContext(int argc, char* argv[]) } cbMaxLen = pPackageInfo->cbMaxToken; - identity.User = (UINT16*) _strdup(test_User); identity.Domain = (UINT16*) _strdup(test_Domain); identity.Password = (UINT16*) _strdup(test_Password); + if (!identity.User || !identity.Domain || !identity.Password) { free(identity.User); @@ -55,9 +52,8 @@ int TestInitializeSecurityContext(int argc, char* argv[]) identity.DomainLength = strlen(test_Domain); identity.PasswordLength = strlen(test_Password); identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; - - status = table->AcquireCredentialsHandle(NULL, NTLMSSP_NAME, - SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration); + status = table->AcquireCredentialsHandle(NULL, NTLM_SSP_NAME, + SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration); if (status != SEC_E_OK) { @@ -66,9 +62,10 @@ int TestInitializeSecurityContext(int argc, char* argv[]) return -1; } - fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_DELEGATE; - + fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | + ISC_REQ_DELEGATE; output_buffer = malloc(cbMaxLen); + if (!output_buffer) { printf("Memory allocation failed\n"); @@ -79,13 +76,11 @@ int TestInitializeSecurityContext(int argc, char* argv[]) output_SecBuffer_desc.ulVersion = 0; output_SecBuffer_desc.cBuffers = 1; output_SecBuffer_desc.pBuffers = &output_SecBuffer; - output_SecBuffer.cbBuffer = cbMaxLen; output_SecBuffer.BufferType = SECBUFFER_TOKEN; output_SecBuffer.pvBuffer = output_buffer; - status = table->InitializeSecurityContext(&credentials, NULL, NULL, fContextReq, 0, 0, NULL, 0, - &context, &output_SecBuffer_desc, &pfContextAttr, &expiration); + &context, &output_SecBuffer_desc, &pfContextAttr, &expiration); if (status != SEC_I_CONTINUE_NEEDED) { @@ -94,18 +89,14 @@ int TestInitializeSecurityContext(int argc, char* argv[]) return -1; } - printf("cBuffers: %"PRIu32" ulVersion: %"PRIu32"\n", output_SecBuffer_desc.cBuffers, output_SecBuffer_desc.ulVersion); - + printf("cBuffers: %"PRIu32" ulVersion: %"PRIu32"\n", output_SecBuffer_desc.cBuffers, + output_SecBuffer_desc.ulVersion); p_SecBuffer = &output_SecBuffer_desc.pBuffers[0]; - - printf("BufferType: 0x%08"PRIX32" cbBuffer: %"PRIu32"\n", p_SecBuffer->BufferType, p_SecBuffer->cbBuffer); - + printf("BufferType: 0x%08"PRIX32" cbBuffer: %"PRIu32"\n", p_SecBuffer->BufferType, + p_SecBuffer->cbBuffer); table->FreeCredentialsHandle(&credentials); - FreeContextBuffer(pPackageInfo); - sspi_GlobalFinish(); - return 0; } diff --git a/winpr/libwinpr/sspi/test/TestNTLM.c b/winpr/libwinpr/sspi/test/TestNTLM.c index ffac39d..539d993 100644 --- a/winpr/libwinpr/sspi/test/TestNTLM.c +++ b/winpr/libwinpr/sspi/test/TestNTLM.c @@ -11,50 +11,50 @@ static BYTE TEST_NTLM_CLIENT_CHALLENGE[8] = { 0x20, 0xc0, 0x2b, 0x3d, 0xc0, 0x61 static BYTE TEST_NTLM_SERVER_CHALLENGE[8] = { 0xa4, 0xf1, 0xba, 0xa6, 0x7c, 0xdc, 0x1a, 0x12 }; static BYTE TEST_NTLM_NEGOTIATE[] = - "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x06\x03\x80\x25\x00\x00\x00\x0f"; + "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x06\x03\x80\x25\x00\x00\x00\x0f"; static BYTE TEST_NTLM_CHALLENGE[] = - "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x02\x00\x00\x00\x00\x00\x00\x00" - "\x38\x00\x00\x00\x07\x82\x88\xa2\xa4\xf1\xba\xa6\x7c\xdc\x1a\x12" - "\x00\x00\x00\x00\x00\x00\x00\x00\x66\x00\x66\x00\x38\x00\x00\x00" - "\x06\x03\x80\x25\x00\x00\x00\x0f\x02\x00\x0e\x00\x4e\x00\x45\x00" - "\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x01\x00\x0e\x00\x4e\x00" - "\x45\x00\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x04\x00\x1c\x00" - "\x6c\x00\x61\x00\x62\x00\x2e\x00\x77\x00\x61\x00\x79\x00\x6b\x00" - "\x2e\x00\x6c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x03\x00\x0e\x00" - "\x6e\x00\x65\x00\x77\x00\x79\x00\x65\x00\x61\x00\x72\x00\x07\x00" - "\x08\x00\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x00\x00\x00\x00"; + "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x02\x00\x00\x00\x00\x00\x00\x00" + "\x38\x00\x00\x00\x07\x82\x88\xa2\xa4\xf1\xba\xa6\x7c\xdc\x1a\x12" + "\x00\x00\x00\x00\x00\x00\x00\x00\x66\x00\x66\x00\x38\x00\x00\x00" + "\x06\x03\x80\x25\x00\x00\x00\x0f\x02\x00\x0e\x00\x4e\x00\x45\x00" + "\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x01\x00\x0e\x00\x4e\x00" + "\x45\x00\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x04\x00\x1c\x00" + "\x6c\x00\x61\x00\x62\x00\x2e\x00\x77\x00\x61\x00\x79\x00\x6b\x00" + "\x2e\x00\x6c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x03\x00\x0e\x00" + "\x6e\x00\x65\x00\x77\x00\x79\x00\x65\x00\x61\x00\x72\x00\x07\x00" + "\x08\x00\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x00\x00\x00\x00"; static BYTE TEST_NTLM_AUTHENTICATE[] = - "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x03\x00\x00\x00\x18\x00\x18\x00" - "\x82\x00\x00\x00\x08\x01\x08\x01\x9a\x00\x00\x00\x0c\x00\x0c\x00" - "\x58\x00\x00\x00\x10\x00\x10\x00\x64\x00\x00\x00\x0e\x00\x0e\x00" - "\x74\x00\x00\x00\x00\x00\x00\x00\xa2\x01\x00\x00\x05\x82\x88\xa2" - "\x06\x03\x80\x25\x00\x00\x00\x0f\x12\xe5\x5a\xf5\x80\xee\x3f\x29" - "\xe1\xde\x90\x4d\x73\x77\x06\x25\x44\x00\x6f\x00\x6d\x00\x61\x00" - "\x69\x00\x6e\x00\x55\x00\x73\x00\x65\x00\x72\x00\x6e\x00\x61\x00" - "\x6d\x00\x65\x00\x4e\x00\x45\x00\x57\x00\x59\x00\x45\x00\x41\x00" - "\x52\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x14\x68\xc8\x98\x12" - "\xe7\x39\xd8\x76\x1b\xe9\xf7\x54\xb5\xe3\x01\x01\x00\x00\x00\x00" - "\x00\x00\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x20\xc0\x2b\x3d\xc0\x61" - "\xa7\x73\x00\x00\x00\x00\x02\x00\x0e\x00\x4e\x00\x45\x00\x57\x00" - "\x59\x00\x45\x00\x41\x00\x52\x00\x01\x00\x0e\x00\x4e\x00\x45\x00" - "\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x04\x00\x1c\x00\x6c\x00" - "\x61\x00\x62\x00\x2e\x00\x77\x00\x61\x00\x79\x00\x6b\x00\x2e\x00" - "\x6c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x03\x00\x0e\x00\x6e\x00" - "\x65\x00\x77\x00\x79\x00\x65\x00\x61\x00\x72\x00\x07\x00\x08\x00" - "\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x06\x00\x04\x00\x02\x00\x00\x00" - "\x08\x00\x30\x00\x30\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00" - "\x00\x20\x00\x00\x1e\x10\xf5\x2c\x54\x2f\x2e\x77\x1c\x13\xbf\xc3" - "\x3f\xe1\x7b\x28\x7e\x0b\x93\x5a\x39\xd2\xce\x12\xd7\xbd\x8c\x4e" - "\x2b\xb5\x0b\xf5\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x1a\x00\x48\x00\x54\x00" - "\x54\x00\x50\x00\x2f\x00\x72\x00\x77\x00\x2e\x00\x6c\x00\x6f\x00" - "\x63\x00\x61\x00\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00"; + "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x03\x00\x00\x00\x18\x00\x18\x00" + "\x82\x00\x00\x00\x08\x01\x08\x01\x9a\x00\x00\x00\x0c\x00\x0c\x00" + "\x58\x00\x00\x00\x10\x00\x10\x00\x64\x00\x00\x00\x0e\x00\x0e\x00" + "\x74\x00\x00\x00\x00\x00\x00\x00\xa2\x01\x00\x00\x05\x82\x88\xa2" + "\x06\x03\x80\x25\x00\x00\x00\x0f\x12\xe5\x5a\xf5\x80\xee\x3f\x29" + "\xe1\xde\x90\x4d\x73\x77\x06\x25\x44\x00\x6f\x00\x6d\x00\x61\x00" + "\x69\x00\x6e\x00\x55\x00\x73\x00\x65\x00\x72\x00\x6e\x00\x61\x00" + "\x6d\x00\x65\x00\x4e\x00\x45\x00\x57\x00\x59\x00\x45\x00\x41\x00" + "\x52\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x14\x68\xc8\x98\x12" + "\xe7\x39\xd8\x76\x1b\xe9\xf7\x54\xb5\xe3\x01\x01\x00\x00\x00\x00" + "\x00\x00\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x20\xc0\x2b\x3d\xc0\x61" + "\xa7\x73\x00\x00\x00\x00\x02\x00\x0e\x00\x4e\x00\x45\x00\x57\x00" + "\x59\x00\x45\x00\x41\x00\x52\x00\x01\x00\x0e\x00\x4e\x00\x45\x00" + "\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x04\x00\x1c\x00\x6c\x00" + "\x61\x00\x62\x00\x2e\x00\x77\x00\x61\x00\x79\x00\x6b\x00\x2e\x00" + "\x6c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x03\x00\x0e\x00\x6e\x00" + "\x65\x00\x77\x00\x79\x00\x65\x00\x61\x00\x72\x00\x07\x00\x08\x00" + "\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x06\x00\x04\x00\x02\x00\x00\x00" + "\x08\x00\x30\x00\x30\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00" + "\x00\x20\x00\x00\x1e\x10\xf5\x2c\x54\x2f\x2e\x77\x1c\x13\xbf\xc3" + "\x3f\xe1\x7b\x28\x7e\x0b\x93\x5a\x39\xd2\xce\x12\xd7\xbd\x8c\x4e" + "\x2b\xb5\x0b\xf5\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x1a\x00\x48\x00\x54\x00" + "\x54\x00\x50\x00\x2f\x00\x72\x00\x77\x00\x2e\x00\x6c\x00\x6f\x00" + "\x63\x00\x61\x00\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00"; #define TEST_SSPI_INTERFACE SSPI_INTERFACE_WINPR @@ -72,7 +72,7 @@ static const BYTE TEST_NTLM_HASH[16] = static const BYTE TEST_NTLM_V2_HASH[16] = { 0x4c, 0x7f, 0x70, 0x6f, 0x7d, 0xde, 0x05, 0xa9, 0xd1, 0xa0, 0xf4, 0xe7, 0xff, 0xe3, 0xbf, 0xb8 }; -#define NTLM_PACKAGE_NAME NTLMSSP_NAME +#define NTLM_PACKAGE_NAME NTLM_SSP_NAME struct _TEST_NTLM_CLIENT { @@ -97,7 +97,8 @@ struct _TEST_NTLM_CLIENT }; typedef struct _TEST_NTLM_CLIENT TEST_NTLM_CLIENT; -int test_ntlm_client_init(TEST_NTLM_CLIENT* ntlm, const char* user, const char* domain, const char* password) +int test_ntlm_client_init(TEST_NTLM_CLIENT* ntlm, const char* user, const char* domain, + const char* password) { SECURITY_STATUS status; SecInvalidateHandle(&(ntlm->context)); @@ -108,18 +109,18 @@ int test_ntlm_client_init(TEST_NTLM_CLIENT* ntlm, const char* user, const char* if (status != SEC_E_OK) { fprintf(stderr, "QuerySecurityPackageInfo status: %s (0x%08"PRIX32")\n", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); return -1; } ntlm->cbMaxToken = ntlm->pPackageInfo->cbMaxToken; status = ntlm->table->AcquireCredentialsHandle(NULL, NTLM_PACKAGE_NAME, - SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL, &ntlm->credentials, &ntlm->expiration); + SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL, &ntlm->credentials, &ntlm->expiration); if (status != SEC_E_OK) { fprintf(stderr, "AcquireCredentialsHandle status: %s (0x%08"PRIX32")\n", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); return -1; } @@ -236,12 +237,12 @@ int test_ntlm_client_authenticate(TEST_NTLM_CLIENT* ntlm) } status = ntlm->table->InitializeSecurityContext(&ntlm->credentials, - (ntlm->haveContext) ? &ntlm->context : NULL, - (ntlm->ServicePrincipalName) ? ntlm->ServicePrincipalName : NULL, - ntlm->fContextReq, 0, SECURITY_NATIVE_DREP, - (ntlm->haveInputBuffer) ? &ntlm->inputBufferDesc : NULL, - 0, &ntlm->context, &ntlm->outputBufferDesc, - &ntlm->pfContextAttr, &ntlm->expiration); + (ntlm->haveContext) ? &ntlm->context : NULL, + (ntlm->ServicePrincipalName) ? ntlm->ServicePrincipalName : NULL, + ntlm->fContextReq, 0, SECURITY_NATIVE_DREP, + (ntlm->haveInputBuffer) ? &ntlm->inputBufferDesc : NULL, + 0, &ntlm->context, &ntlm->outputBufferDesc, + &ntlm->pfContextAttr, &ntlm->expiration); if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED)) { @@ -319,19 +320,19 @@ int test_ntlm_server_init(TEST_NTLM_SERVER* ntlm) if (status != SEC_E_OK) { fprintf(stderr, "QuerySecurityPackageInfo status: %s (0x%08"PRIX32")\n", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); return -1; } ntlm->cbMaxToken = ntlm->pPackageInfo->cbMaxToken; status = ntlm->table->AcquireCredentialsHandle(NULL, NTLM_PACKAGE_NAME, - SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL, - &ntlm->credentials, &ntlm->expiration); + SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL, + &ntlm->credentials, &ntlm->expiration); if (status != SEC_E_OK) { fprintf(stderr, "AcquireCredentialsHandle status: %s (0x%08"PRIX32")\n", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); return -1; } @@ -388,13 +389,14 @@ int test_ntlm_server_authenticate(TEST_NTLM_SERVER* ntlm) ntlm->outputBuffer[0].BufferType = SECBUFFER_TOKEN; ntlm->outputBuffer[0].cbBuffer = ntlm->cbMaxToken; ntlm->outputBuffer[0].pvBuffer = malloc(ntlm->outputBuffer[0].cbBuffer); + if (!ntlm->outputBuffer[0].pvBuffer) return -1; status = ntlm->table->AcceptSecurityContext(&ntlm->credentials, - ntlm->haveContext? &ntlm->context: NULL, - &ntlm->inputBufferDesc, ntlm->fContextReq, SECURITY_NATIVE_DREP, &ntlm->context, - &ntlm->outputBufferDesc, &ntlm->pfContextAttr, &ntlm->expiration); + ntlm->haveContext ? &ntlm->context : NULL, + &ntlm->inputBufferDesc, ntlm->fContextReq, SECURITY_NATIVE_DREP, &ntlm->context, + &ntlm->outputBufferDesc, &ntlm->pfContextAttr, &ntlm->expiration); if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED)) { @@ -402,7 +404,8 @@ int test_ntlm_server_authenticate(TEST_NTLM_SERVER* ntlm) SecPkgContext_AuthNtlmHash AuthNtlmHash; ZeroMemory(&AuthIdentity, sizeof(SecPkgContext_AuthIdentity)); ZeroMemory(&AuthNtlmHash, sizeof(SecPkgContext_AuthNtlmHash)); - status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_AUTH_IDENTITY, &AuthIdentity); + status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_AUTH_IDENTITY, + &AuthIdentity); if (status == SEC_E_OK) { @@ -420,7 +423,7 @@ int test_ntlm_server_authenticate(TEST_NTLM_SERVER* ntlm) } status = ntlm->table->SetContextAttributes(&ntlm->context, - SECPKG_ATTR_AUTH_NTLM_HASH, &AuthNtlmHash, sizeof(SecPkgContext_AuthNtlmHash)); + SECPKG_ATTR_AUTH_NTLM_HASH, &AuthNtlmHash, sizeof(SecPkgContext_AuthNtlmHash)); } } @@ -436,7 +439,7 @@ int test_ntlm_server_authenticate(TEST_NTLM_SERVER* ntlm) if ((status != SEC_E_OK) && (status != SEC_I_CONTINUE_NEEDED)) { fprintf(stderr, "AcceptSecurityContext status: %s (0x%08"PRIX32")\n", - GetSecurityStatusString(status), status); + GetSecurityStatusString(status), status); return -1; /* Access Denied */ } @@ -475,11 +478,13 @@ int TestNTLM(int argc, char* argv[]) * Client Initialization */ client = test_ntlm_client_new(); + if (!client) { printf("Memory allocation failed"); return -1; } + status = test_ntlm_client_init(client, TEST_NTLM_USER, TEST_NTLM_DOMAIN, TEST_NTLM_PASSWORD); if (status < 0) @@ -492,11 +497,13 @@ int TestNTLM(int argc, char* argv[]) * Server Initialization */ server = test_ntlm_server_new(); + if (!server) { printf("Memory allocation failed\n"); return -1; } + status = test_ntlm_server_init(server); if (status < 0) @@ -524,24 +531,25 @@ int TestNTLM(int argc, char* argv[]) CopyMemory(AuthNtlmTimestamp.Timestamp, TEST_NTLM_TIMESTAMP, 8); AuthNtlmTimestamp.ChallengeOrResponse = TRUE; client->table->SetContextAttributes(&client->context, SECPKG_ATTR_AUTH_NTLM_TIMESTAMP, - &AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp)); + &AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp)); AuthNtlmTimestamp.ChallengeOrResponse = FALSE; client->table->SetContextAttributes(&client->context, SECPKG_ATTR_AUTH_NTLM_TIMESTAMP, - &AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp)); + &AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp)); CopyMemory(AuthNtlmClientChallenge.ClientChallenge, TEST_NTLM_CLIENT_CHALLENGE, 8); CopyMemory(AuthNtlmServerChallenge.ServerChallenge, TEST_NTLM_SERVER_CHALLENGE, 8); client->table->SetContextAttributes(&client->context, SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE, - &AuthNtlmClientChallenge, sizeof(SecPkgContext_AuthNtlmClientChallenge)); + &AuthNtlmClientChallenge, sizeof(SecPkgContext_AuthNtlmClientChallenge)); client->table->SetContextAttributes(&client->context, SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE, - &AuthNtlmServerChallenge, sizeof(SecPkgContext_AuthNtlmServerChallenge)); + &AuthNtlmServerChallenge, sizeof(SecPkgContext_AuthNtlmServerChallenge)); } pSecBuffer = &(client->outputBuffer[0]); if (!DynamicTest) { - pSecBuffer->cbBuffer = sizeof(TEST_NTLM_NEGOTIATE) -1; + pSecBuffer->cbBuffer = sizeof(TEST_NTLM_NEGOTIATE) - 1; pSecBuffer->pvBuffer = (void*) malloc(pSecBuffer->cbBuffer); + if (!pSecBuffer->pvBuffer) { printf("Memory allocation failed\n"); @@ -577,16 +585,16 @@ int TestNTLM(int argc, char* argv[]) CopyMemory(AuthNtlmTimestamp.Timestamp, TEST_NTLM_TIMESTAMP, 8); AuthNtlmTimestamp.ChallengeOrResponse = TRUE; client->table->SetContextAttributes(&server->context, SECPKG_ATTR_AUTH_NTLM_TIMESTAMP, - &AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp)); + &AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp)); AuthNtlmTimestamp.ChallengeOrResponse = FALSE; client->table->SetContextAttributes(&server->context, SECPKG_ATTR_AUTH_NTLM_TIMESTAMP, - &AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp)); + &AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp)); CopyMemory(AuthNtlmClientChallenge.ClientChallenge, TEST_NTLM_CLIENT_CHALLENGE, 8); CopyMemory(AuthNtlmServerChallenge.ServerChallenge, TEST_NTLM_SERVER_CHALLENGE, 8); server->table->SetContextAttributes(&server->context, SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE, - &AuthNtlmClientChallenge, sizeof(SecPkgContext_AuthNtlmClientChallenge)); + &AuthNtlmClientChallenge, sizeof(SecPkgContext_AuthNtlmClientChallenge)); server->table->SetContextAttributes(&server->context, SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE, - &AuthNtlmServerChallenge, sizeof(SecPkgContext_AuthNtlmServerChallenge)); + &AuthNtlmServerChallenge, sizeof(SecPkgContext_AuthNtlmServerChallenge)); } pSecBuffer = &(server->outputBuffer[0]); @@ -594,19 +602,21 @@ int TestNTLM(int argc, char* argv[]) if (!DynamicTest) { SecPkgContext_AuthNtlmMessage AuthNtlmMessage; - pSecBuffer->cbBuffer = sizeof(TEST_NTLM_CHALLENGE) -1; + pSecBuffer->cbBuffer = sizeof(TEST_NTLM_CHALLENGE) - 1; pSecBuffer->pvBuffer = (void*) malloc(pSecBuffer->cbBuffer); + if (!pSecBuffer->pvBuffer) { printf("Memory allocation failed\n"); return -1; } + CopyMemory(pSecBuffer->pvBuffer, TEST_NTLM_CHALLENGE, pSecBuffer->cbBuffer); AuthNtlmMessage.type = 2; AuthNtlmMessage.length = pSecBuffer->cbBuffer; AuthNtlmMessage.buffer = (BYTE*) pSecBuffer->pvBuffer; server->table->SetContextAttributes(&server->context, SECPKG_ATTR_AUTH_NTLM_MESSAGE, - &AuthNtlmMessage, sizeof(SecPkgContext_AuthNtlmMessage)); + &AuthNtlmMessage, sizeof(SecPkgContext_AuthNtlmMessage)); } fprintf(stderr, "NTLM_CHALLENGE (length = %"PRIu32"):\n", pSecBuffer->cbBuffer); @@ -631,13 +641,15 @@ int TestNTLM(int argc, char* argv[]) if (!DynamicTest) { - pSecBuffer->cbBuffer = sizeof(TEST_NTLM_AUTHENTICATE) -1; + pSecBuffer->cbBuffer = sizeof(TEST_NTLM_AUTHENTICATE) - 1; pSecBuffer->pvBuffer = (void*) malloc(pSecBuffer->cbBuffer); + if (!pSecBuffer->pvBuffer) { printf("Memory allocation failed\n"); return -1; } + CopyMemory(pSecBuffer->pvBuffer, TEST_NTLM_AUTHENTICATE, pSecBuffer->cbBuffer); } diff --git a/winpr/libwinpr/sspi/test/TestQuerySecurityPackageInfo.c b/winpr/libwinpr/sspi/test/TestQuerySecurityPackageInfo.c index c86e199..a738e0b 100644 --- a/winpr/libwinpr/sspi/test/TestQuerySecurityPackageInfo.c +++ b/winpr/libwinpr/sspi/test/TestQuerySecurityPackageInfo.c @@ -8,10 +8,8 @@ int TestQuerySecurityPackageInfo(int argc, char* argv[]) { SECURITY_STATUS status; SecPkgInfo* pPackageInfo; - sspi_GlobalInit(); - - status = QuerySecurityPackageInfo(NTLMSSP_NAME, &pPackageInfo); + status = QuerySecurityPackageInfo(NTLM_SSP_NAME, &pPackageInfo); if (status != SEC_E_OK) { @@ -21,9 +19,7 @@ int TestQuerySecurityPackageInfo(int argc, char* argv[]) _tprintf(_T("\nQuerySecurityPackageInfo:\n")); _tprintf(_T("\"%s\", \"%s\"\n"), pPackageInfo->Name, pPackageInfo->Comment); - sspi_GlobalFinish(); - return 0; } -- 2.7.4