/src/FreeRDP/winpr/libwinpr/sspi/sspi.c
Line | Count | Source (jump to first uncovered line) |
1 | | /** |
2 | | * FreeRDP: A Remote Desktop Protocol Implementation |
3 | | * Security Support Provider Interface (SSPI) |
4 | | * |
5 | | * Copyright 2012-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com> |
6 | | * |
7 | | * Licensed under the Apache License, Version 2.0 (the "License"); |
8 | | * you may not use this file except in compliance with the License. |
9 | | * You may obtain a copy of the License at |
10 | | * |
11 | | * http://www.apache.org/licenses/LICENSE-2.0 |
12 | | * |
13 | | * Unless required by applicable law or agreed to in writing, software |
14 | | * distributed under the License is distributed on an "AS IS" BASIS, |
15 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
16 | | * See the License for the specific language governing permissions and |
17 | | * limitations under the License. |
18 | | */ |
19 | | |
20 | | #include <winpr/platform.h> |
21 | | #include <winpr/config.h> |
22 | | |
23 | | WINPR_PRAGMA_DIAG_PUSH |
24 | | WINPR_PRAGMA_DIAG_IGNORED_RESERVED_ID_MACRO |
25 | | |
26 | | #define _NO_KSECDD_IMPORT_ 1 |
27 | | |
28 | | WINPR_PRAGMA_DIAG_POP |
29 | | |
30 | | #include <winpr/sspi.h> |
31 | | |
32 | | #include <winpr/crt.h> |
33 | | #include <winpr/synch.h> |
34 | | #include <winpr/wlog.h> |
35 | | #include <winpr/library.h> |
36 | | #include <winpr/environment.h> |
37 | | |
38 | | #include "sspi.h" |
39 | | |
40 | | WINPR_PRAGMA_DIAG_PUSH |
41 | | WINPR_PRAGMA_DIAG_IGNORED_MISSING_PROTOTYPES |
42 | | |
43 | | static wLog* g_Log = NULL; |
44 | | |
45 | | static INIT_ONCE g_Initialized = INIT_ONCE_STATIC_INIT; |
46 | | #if defined(WITH_NATIVE_SSPI) |
47 | | static HMODULE g_SspiModule = NULL; |
48 | | static SecurityFunctionTableW windows_SecurityFunctionTableW = { 0 }; |
49 | | static SecurityFunctionTableA windows_SecurityFunctionTableA = { 0 }; |
50 | | #endif |
51 | | |
52 | | static SecurityFunctionTableW* g_SspiW = NULL; |
53 | | static SecurityFunctionTableA* g_SspiA = NULL; |
54 | | |
55 | | #if defined(WITH_NATIVE_SSPI) |
56 | | static BOOL ShouldUseNativeSspi(void); |
57 | | static BOOL InitializeSspiModule_Native(void); |
58 | | #endif |
59 | | |
60 | | #if defined(WITH_NATIVE_SSPI) |
61 | | BOOL ShouldUseNativeSspi(void) |
62 | | { |
63 | | BOOL status = FALSE; |
64 | | #ifdef _WIN32 |
65 | | LPCSTR sspi = "WINPR_NATIVE_SSPI"; |
66 | | DWORD nSize; |
67 | | char* env = NULL; |
68 | | nSize = GetEnvironmentVariableA(sspi, NULL, 0); |
69 | | |
70 | | if (!nSize) |
71 | | return TRUE; |
72 | | |
73 | | env = (LPSTR)malloc(nSize); |
74 | | |
75 | | if (!env) |
76 | | return TRUE; |
77 | | |
78 | | if (GetEnvironmentVariableA(sspi, env, nSize) != nSize - 1) |
79 | | { |
80 | | free(env); |
81 | | return TRUE; |
82 | | } |
83 | | |
84 | | if (strcmp(env, "0") == 0) |
85 | | status = FALSE; |
86 | | else |
87 | | status = TRUE; |
88 | | |
89 | | free(env); |
90 | | #endif |
91 | | return status; |
92 | | } |
93 | | #endif |
94 | | |
95 | | #if defined(WITH_NATIVE_SSPI) |
96 | | BOOL InitializeSspiModule_Native(void) |
97 | | { |
98 | | SecurityFunctionTableW* pSspiW = NULL; |
99 | | SecurityFunctionTableA* pSspiA = NULL; |
100 | | INIT_SECURITY_INTERFACE_W pInitSecurityInterfaceW; |
101 | | INIT_SECURITY_INTERFACE_A pInitSecurityInterfaceA; |
102 | | g_SspiModule = LoadLibraryA("secur32.dll"); |
103 | | |
104 | | if (!g_SspiModule) |
105 | | g_SspiModule = LoadLibraryA("sspicli.dll"); |
106 | | |
107 | | if (!g_SspiModule) |
108 | | return FALSE; |
109 | | |
110 | | pInitSecurityInterfaceW = |
111 | | (INIT_SECURITY_INTERFACE_W)GetProcAddress(g_SspiModule, "InitSecurityInterfaceW"); |
112 | | pInitSecurityInterfaceA = |
113 | | (INIT_SECURITY_INTERFACE_A)GetProcAddress(g_SspiModule, "InitSecurityInterfaceA"); |
114 | | |
115 | | if (pInitSecurityInterfaceW) |
116 | | { |
117 | | pSspiW = pInitSecurityInterfaceW(); |
118 | | |
119 | | if (pSspiW) |
120 | | { |
121 | | g_SspiW = &windows_SecurityFunctionTableW; |
122 | | CopyMemory(g_SspiW, pSspiW, |
123 | | FIELD_OFFSET(SecurityFunctionTableW, SetContextAttributesW)); |
124 | | |
125 | | g_SspiW->dwVersion = SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3; |
126 | | |
127 | | g_SspiW->SetContextAttributesW = |
128 | | (SET_CONTEXT_ATTRIBUTES_FN_W)GetProcAddress(g_SspiModule, "SetContextAttributesW"); |
129 | | |
130 | | g_SspiW->SetCredentialsAttributesW = (SET_CREDENTIALS_ATTRIBUTES_FN_W)GetProcAddress( |
131 | | g_SspiModule, "SetCredentialsAttributesW"); |
132 | | } |
133 | | } |
134 | | |
135 | | if (pInitSecurityInterfaceA) |
136 | | { |
137 | | pSspiA = pInitSecurityInterfaceA(); |
138 | | |
139 | | if (pSspiA) |
140 | | { |
141 | | g_SspiA = &windows_SecurityFunctionTableA; |
142 | | CopyMemory(g_SspiA, pSspiA, |
143 | | FIELD_OFFSET(SecurityFunctionTableA, SetContextAttributesA)); |
144 | | |
145 | | g_SspiA->dwVersion = SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3; |
146 | | |
147 | | g_SspiA->SetContextAttributesA = |
148 | | (SET_CONTEXT_ATTRIBUTES_FN_W)GetProcAddress(g_SspiModule, "SetContextAttributesA"); |
149 | | |
150 | | g_SspiA->SetCredentialsAttributesA = (SET_CREDENTIALS_ATTRIBUTES_FN_W)GetProcAddress( |
151 | | g_SspiModule, "SetCredentialsAttributesA"); |
152 | | } |
153 | | } |
154 | | |
155 | | return TRUE; |
156 | | } |
157 | | #endif |
158 | | |
159 | | static BOOL CALLBACK InitializeSspiModuleInt(PINIT_ONCE once, PVOID param, PVOID* context) |
160 | 0 | { |
161 | 0 | BOOL status = FALSE; |
162 | | #if defined(WITH_NATIVE_SSPI) |
163 | | DWORD flags = 0; |
164 | | |
165 | | if (param) |
166 | | flags = *(DWORD*)param; |
167 | | |
168 | | #endif |
169 | 0 | sspi_GlobalInit(); |
170 | 0 | g_Log = WLog_Get("com.winpr.sspi"); |
171 | | #if defined(WITH_NATIVE_SSPI) |
172 | | |
173 | | if (flags && (flags & SSPI_INTERFACE_NATIVE)) |
174 | | { |
175 | | status = InitializeSspiModule_Native(); |
176 | | } |
177 | | else if (flags && (flags & SSPI_INTERFACE_WINPR)) |
178 | | { |
179 | | g_SspiW = winpr_InitSecurityInterfaceW(); |
180 | | g_SspiA = winpr_InitSecurityInterfaceA(); |
181 | | status = TRUE; |
182 | | } |
183 | | |
184 | | if (!status && ShouldUseNativeSspi()) |
185 | | { |
186 | | status = InitializeSspiModule_Native(); |
187 | | } |
188 | | |
189 | | #endif |
190 | |
|
191 | 0 | if (!status) |
192 | 0 | { |
193 | 0 | g_SspiW = winpr_InitSecurityInterfaceW(); |
194 | 0 | g_SspiA = winpr_InitSecurityInterfaceA(); |
195 | 0 | } |
196 | |
|
197 | 0 | return TRUE; |
198 | 0 | } |
199 | | |
200 | | const char* GetSecurityStatusString(SECURITY_STATUS status) |
201 | 0 | { |
202 | 0 | switch (status) |
203 | 0 | { |
204 | 0 | case SEC_E_OK: |
205 | 0 | return "SEC_E_OK"; |
206 | | |
207 | 0 | case SEC_E_INSUFFICIENT_MEMORY: |
208 | 0 | return "SEC_E_INSUFFICIENT_MEMORY"; |
209 | | |
210 | 0 | case SEC_E_INVALID_HANDLE: |
211 | 0 | return "SEC_E_INVALID_HANDLE"; |
212 | | |
213 | 0 | case SEC_E_UNSUPPORTED_FUNCTION: |
214 | 0 | return "SEC_E_UNSUPPORTED_FUNCTION"; |
215 | | |
216 | 0 | case SEC_E_TARGET_UNKNOWN: |
217 | 0 | return "SEC_E_TARGET_UNKNOWN"; |
218 | | |
219 | 0 | case SEC_E_INTERNAL_ERROR: |
220 | 0 | return "SEC_E_INTERNAL_ERROR"; |
221 | | |
222 | 0 | case SEC_E_SECPKG_NOT_FOUND: |
223 | 0 | return "SEC_E_SECPKG_NOT_FOUND"; |
224 | | |
225 | 0 | case SEC_E_NOT_OWNER: |
226 | 0 | return "SEC_E_NOT_OWNER"; |
227 | | |
228 | 0 | case SEC_E_CANNOT_INSTALL: |
229 | 0 | return "SEC_E_CANNOT_INSTALL"; |
230 | | |
231 | 0 | case SEC_E_INVALID_TOKEN: |
232 | 0 | return "SEC_E_INVALID_TOKEN"; |
233 | | |
234 | 0 | case SEC_E_CANNOT_PACK: |
235 | 0 | return "SEC_E_CANNOT_PACK"; |
236 | | |
237 | 0 | case SEC_E_QOP_NOT_SUPPORTED: |
238 | 0 | return "SEC_E_QOP_NOT_SUPPORTED"; |
239 | | |
240 | 0 | case SEC_E_NO_IMPERSONATION: |
241 | 0 | return "SEC_E_NO_IMPERSONATION"; |
242 | | |
243 | 0 | case SEC_E_LOGON_DENIED: |
244 | 0 | return "SEC_E_LOGON_DENIED"; |
245 | | |
246 | 0 | case SEC_E_UNKNOWN_CREDENTIALS: |
247 | 0 | return "SEC_E_UNKNOWN_CREDENTIALS"; |
248 | | |
249 | 0 | case SEC_E_NO_CREDENTIALS: |
250 | 0 | return "SEC_E_NO_CREDENTIALS"; |
251 | | |
252 | 0 | case SEC_E_MESSAGE_ALTERED: |
253 | 0 | return "SEC_E_MESSAGE_ALTERED"; |
254 | | |
255 | 0 | case SEC_E_OUT_OF_SEQUENCE: |
256 | 0 | return "SEC_E_OUT_OF_SEQUENCE"; |
257 | | |
258 | 0 | case SEC_E_NO_AUTHENTICATING_AUTHORITY: |
259 | 0 | return "SEC_E_NO_AUTHENTICATING_AUTHORITY"; |
260 | | |
261 | 0 | case SEC_E_BAD_PKGID: |
262 | 0 | return "SEC_E_BAD_PKGID"; |
263 | | |
264 | 0 | case SEC_E_CONTEXT_EXPIRED: |
265 | 0 | return "SEC_E_CONTEXT_EXPIRED"; |
266 | | |
267 | 0 | case SEC_E_INCOMPLETE_MESSAGE: |
268 | 0 | return "SEC_E_INCOMPLETE_MESSAGE"; |
269 | | |
270 | 0 | case SEC_E_INCOMPLETE_CREDENTIALS: |
271 | 0 | return "SEC_E_INCOMPLETE_CREDENTIALS"; |
272 | | |
273 | 0 | case SEC_E_BUFFER_TOO_SMALL: |
274 | 0 | return "SEC_E_BUFFER_TOO_SMALL"; |
275 | | |
276 | 0 | case SEC_E_WRONG_PRINCIPAL: |
277 | 0 | return "SEC_E_WRONG_PRINCIPAL"; |
278 | | |
279 | 0 | case SEC_E_TIME_SKEW: |
280 | 0 | return "SEC_E_TIME_SKEW"; |
281 | | |
282 | 0 | case SEC_E_UNTRUSTED_ROOT: |
283 | 0 | return "SEC_E_UNTRUSTED_ROOT"; |
284 | | |
285 | 0 | case SEC_E_ILLEGAL_MESSAGE: |
286 | 0 | return "SEC_E_ILLEGAL_MESSAGE"; |
287 | | |
288 | 0 | case SEC_E_CERT_UNKNOWN: |
289 | 0 | return "SEC_E_CERT_UNKNOWN"; |
290 | | |
291 | 0 | case SEC_E_CERT_EXPIRED: |
292 | 0 | return "SEC_E_CERT_EXPIRED"; |
293 | | |
294 | 0 | case SEC_E_ENCRYPT_FAILURE: |
295 | 0 | return "SEC_E_ENCRYPT_FAILURE"; |
296 | | |
297 | 0 | case SEC_E_DECRYPT_FAILURE: |
298 | 0 | return "SEC_E_DECRYPT_FAILURE"; |
299 | | |
300 | 0 | case SEC_E_ALGORITHM_MISMATCH: |
301 | 0 | return "SEC_E_ALGORITHM_MISMATCH"; |
302 | | |
303 | 0 | case SEC_E_SECURITY_QOS_FAILED: |
304 | 0 | return "SEC_E_SECURITY_QOS_FAILED"; |
305 | | |
306 | 0 | case SEC_E_UNFINISHED_CONTEXT_DELETED: |
307 | 0 | return "SEC_E_UNFINISHED_CONTEXT_DELETED"; |
308 | | |
309 | 0 | case SEC_E_NO_TGT_REPLY: |
310 | 0 | return "SEC_E_NO_TGT_REPLY"; |
311 | | |
312 | 0 | case SEC_E_NO_IP_ADDRESSES: |
313 | 0 | return "SEC_E_NO_IP_ADDRESSES"; |
314 | | |
315 | 0 | case SEC_E_WRONG_CREDENTIAL_HANDLE: |
316 | 0 | return "SEC_E_WRONG_CREDENTIAL_HANDLE"; |
317 | | |
318 | 0 | case SEC_E_CRYPTO_SYSTEM_INVALID: |
319 | 0 | return "SEC_E_CRYPTO_SYSTEM_INVALID"; |
320 | | |
321 | 0 | case SEC_E_MAX_REFERRALS_EXCEEDED: |
322 | 0 | return "SEC_E_MAX_REFERRALS_EXCEEDED"; |
323 | | |
324 | 0 | case SEC_E_MUST_BE_KDC: |
325 | 0 | return "SEC_E_MUST_BE_KDC"; |
326 | | |
327 | 0 | case SEC_E_STRONG_CRYPTO_NOT_SUPPORTED: |
328 | 0 | return "SEC_E_STRONG_CRYPTO_NOT_SUPPORTED"; |
329 | | |
330 | 0 | case SEC_E_TOO_MANY_PRINCIPALS: |
331 | 0 | return "SEC_E_TOO_MANY_PRINCIPALS"; |
332 | | |
333 | 0 | case SEC_E_NO_PA_DATA: |
334 | 0 | return "SEC_E_NO_PA_DATA"; |
335 | | |
336 | 0 | case SEC_E_PKINIT_NAME_MISMATCH: |
337 | 0 | return "SEC_E_PKINIT_NAME_MISMATCH"; |
338 | | |
339 | 0 | case SEC_E_SMARTCARD_LOGON_REQUIRED: |
340 | 0 | return "SEC_E_SMARTCARD_LOGON_REQUIRED"; |
341 | | |
342 | 0 | case SEC_E_SHUTDOWN_IN_PROGRESS: |
343 | 0 | return "SEC_E_SHUTDOWN_IN_PROGRESS"; |
344 | | |
345 | 0 | case SEC_E_KDC_INVALID_REQUEST: |
346 | 0 | return "SEC_E_KDC_INVALID_REQUEST"; |
347 | | |
348 | 0 | case SEC_E_KDC_UNABLE_TO_REFER: |
349 | 0 | return "SEC_E_KDC_UNABLE_TO_REFER"; |
350 | | |
351 | 0 | case SEC_E_KDC_UNKNOWN_ETYPE: |
352 | 0 | return "SEC_E_KDC_UNKNOWN_ETYPE"; |
353 | | |
354 | 0 | case SEC_E_UNSUPPORTED_PREAUTH: |
355 | 0 | return "SEC_E_UNSUPPORTED_PREAUTH"; |
356 | | |
357 | 0 | case SEC_E_DELEGATION_REQUIRED: |
358 | 0 | return "SEC_E_DELEGATION_REQUIRED"; |
359 | | |
360 | 0 | case SEC_E_BAD_BINDINGS: |
361 | 0 | return "SEC_E_BAD_BINDINGS"; |
362 | | |
363 | 0 | case SEC_E_MULTIPLE_ACCOUNTS: |
364 | 0 | return "SEC_E_MULTIPLE_ACCOUNTS"; |
365 | | |
366 | 0 | case SEC_E_NO_KERB_KEY: |
367 | 0 | return "SEC_E_NO_KERB_KEY"; |
368 | | |
369 | 0 | case SEC_E_CERT_WRONG_USAGE: |
370 | 0 | return "SEC_E_CERT_WRONG_USAGE"; |
371 | | |
372 | 0 | case SEC_E_DOWNGRADE_DETECTED: |
373 | 0 | return "SEC_E_DOWNGRADE_DETECTED"; |
374 | | |
375 | 0 | case SEC_E_SMARTCARD_CERT_REVOKED: |
376 | 0 | return "SEC_E_SMARTCARD_CERT_REVOKED"; |
377 | | |
378 | 0 | case SEC_E_ISSUING_CA_UNTRUSTED: |
379 | 0 | return "SEC_E_ISSUING_CA_UNTRUSTED"; |
380 | | |
381 | 0 | case SEC_E_REVOCATION_OFFLINE_C: |
382 | 0 | return "SEC_E_REVOCATION_OFFLINE_C"; |
383 | | |
384 | 0 | case SEC_E_PKINIT_CLIENT_FAILURE: |
385 | 0 | return "SEC_E_PKINIT_CLIENT_FAILURE"; |
386 | | |
387 | 0 | case SEC_E_SMARTCARD_CERT_EXPIRED: |
388 | 0 | return "SEC_E_SMARTCARD_CERT_EXPIRED"; |
389 | | |
390 | 0 | case SEC_E_NO_S4U_PROT_SUPPORT: |
391 | 0 | return "SEC_E_NO_S4U_PROT_SUPPORT"; |
392 | | |
393 | 0 | case SEC_E_CROSSREALM_DELEGATION_FAILURE: |
394 | 0 | return "SEC_E_CROSSREALM_DELEGATION_FAILURE"; |
395 | | |
396 | 0 | case SEC_E_REVOCATION_OFFLINE_KDC: |
397 | 0 | return "SEC_E_REVOCATION_OFFLINE_KDC"; |
398 | | |
399 | 0 | case SEC_E_ISSUING_CA_UNTRUSTED_KDC: |
400 | 0 | return "SEC_E_ISSUING_CA_UNTRUSTED_KDC"; |
401 | | |
402 | 0 | case SEC_E_KDC_CERT_EXPIRED: |
403 | 0 | return "SEC_E_KDC_CERT_EXPIRED"; |
404 | | |
405 | 0 | case SEC_E_KDC_CERT_REVOKED: |
406 | 0 | return "SEC_E_KDC_CERT_REVOKED"; |
407 | | |
408 | 0 | case SEC_E_INVALID_PARAMETER: |
409 | 0 | return "SEC_E_INVALID_PARAMETER"; |
410 | | |
411 | 0 | case SEC_E_DELEGATION_POLICY: |
412 | 0 | return "SEC_E_DELEGATION_POLICY"; |
413 | | |
414 | 0 | case SEC_E_POLICY_NLTM_ONLY: |
415 | 0 | return "SEC_E_POLICY_NLTM_ONLY"; |
416 | | |
417 | 0 | case SEC_E_NO_CONTEXT: |
418 | 0 | return "SEC_E_NO_CONTEXT"; |
419 | | |
420 | 0 | case SEC_E_PKU2U_CERT_FAILURE: |
421 | 0 | return "SEC_E_PKU2U_CERT_FAILURE"; |
422 | | |
423 | 0 | case SEC_E_MUTUAL_AUTH_FAILED: |
424 | 0 | return "SEC_E_MUTUAL_AUTH_FAILED"; |
425 | | |
426 | 0 | case SEC_I_CONTINUE_NEEDED: |
427 | 0 | return "SEC_I_CONTINUE_NEEDED"; |
428 | | |
429 | 0 | case SEC_I_COMPLETE_NEEDED: |
430 | 0 | return "SEC_I_COMPLETE_NEEDED"; |
431 | | |
432 | 0 | case SEC_I_COMPLETE_AND_CONTINUE: |
433 | 0 | return "SEC_I_COMPLETE_AND_CONTINUE"; |
434 | | |
435 | 0 | case SEC_I_LOCAL_LOGON: |
436 | 0 | return "SEC_I_LOCAL_LOGON"; |
437 | | |
438 | 0 | case SEC_I_CONTEXT_EXPIRED: |
439 | 0 | return "SEC_I_CONTEXT_EXPIRED"; |
440 | | |
441 | 0 | case SEC_I_INCOMPLETE_CREDENTIALS: |
442 | 0 | return "SEC_I_INCOMPLETE_CREDENTIALS"; |
443 | | |
444 | 0 | case SEC_I_RENEGOTIATE: |
445 | 0 | return "SEC_I_RENEGOTIATE"; |
446 | | |
447 | 0 | case SEC_I_NO_LSA_CONTEXT: |
448 | 0 | return "SEC_I_NO_LSA_CONTEXT"; |
449 | | |
450 | 0 | case SEC_I_SIGNATURE_NEEDED: |
451 | 0 | return "SEC_I_SIGNATURE_NEEDED"; |
452 | | |
453 | 0 | case SEC_I_NO_RENEGOTIATION: |
454 | 0 | return "SEC_I_NO_RENEGOTIATION"; |
455 | 0 | } |
456 | | |
457 | 0 | return NtStatus2Tag((DWORD)status); |
458 | 0 | } |
459 | | |
460 | | BOOL IsSecurityStatusError(SECURITY_STATUS status) |
461 | 0 | { |
462 | 0 | BOOL error = TRUE; |
463 | |
|
464 | 0 | switch (status) |
465 | 0 | { |
466 | 0 | case SEC_E_OK: |
467 | 0 | case SEC_I_CONTINUE_NEEDED: |
468 | 0 | case SEC_I_COMPLETE_NEEDED: |
469 | 0 | case SEC_I_COMPLETE_AND_CONTINUE: |
470 | 0 | case SEC_I_LOCAL_LOGON: |
471 | 0 | case SEC_I_CONTEXT_EXPIRED: |
472 | 0 | case SEC_I_INCOMPLETE_CREDENTIALS: |
473 | 0 | case SEC_I_RENEGOTIATE: |
474 | 0 | case SEC_I_NO_LSA_CONTEXT: |
475 | 0 | case SEC_I_SIGNATURE_NEEDED: |
476 | 0 | case SEC_I_NO_RENEGOTIATION: |
477 | 0 | error = FALSE; |
478 | 0 | break; |
479 | 0 | } |
480 | | |
481 | 0 | return error; |
482 | 0 | } |
483 | | |
484 | | SecurityFunctionTableW* SEC_ENTRY InitSecurityInterfaceExW(DWORD flags) |
485 | 0 | { |
486 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, &flags, NULL); |
487 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "InitSecurityInterfaceExW"); |
488 | 0 | return g_SspiW; |
489 | 0 | } |
490 | | |
491 | | SecurityFunctionTableA* SEC_ENTRY InitSecurityInterfaceExA(DWORD flags) |
492 | 0 | { |
493 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, &flags, NULL); |
494 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "InitSecurityInterfaceExA"); |
495 | 0 | return g_SspiA; |
496 | 0 | } |
497 | | |
498 | | /** |
499 | | * Standard SSPI API |
500 | | */ |
501 | | |
502 | | /* Package Management */ |
503 | | |
504 | | SECURITY_STATUS SEC_ENTRY sspi_EnumerateSecurityPackagesW(ULONG* pcPackages, |
505 | | PSecPkgInfoW* ppPackageInfo) |
506 | 0 | { |
507 | 0 | SECURITY_STATUS status = 0; |
508 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
509 | |
|
510 | 0 | if (!(g_SspiW && g_SspiW->EnumerateSecurityPackagesW)) |
511 | 0 | { |
512 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
513 | |
|
514 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
515 | 0 | } |
516 | | |
517 | 0 | status = g_SspiW->EnumerateSecurityPackagesW(pcPackages, ppPackageInfo); |
518 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "EnumerateSecurityPackagesW: %s (0x%08" PRIX32 ")", |
519 | 0 | GetSecurityStatusString(status), status); |
520 | 0 | return status; |
521 | 0 | } |
522 | | |
523 | | SECURITY_STATUS SEC_ENTRY sspi_EnumerateSecurityPackagesA(ULONG* pcPackages, |
524 | | PSecPkgInfoA* ppPackageInfo) |
525 | 0 | { |
526 | 0 | SECURITY_STATUS status = 0; |
527 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
528 | |
|
529 | 0 | if (!(g_SspiA && g_SspiA->EnumerateSecurityPackagesA)) |
530 | 0 | { |
531 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
532 | |
|
533 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
534 | 0 | } |
535 | | |
536 | 0 | status = g_SspiA->EnumerateSecurityPackagesA(pcPackages, ppPackageInfo); |
537 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "EnumerateSecurityPackagesA: %s (0x%08" PRIX32 ")", |
538 | 0 | GetSecurityStatusString(status), status); |
539 | 0 | return status; |
540 | 0 | } |
541 | | |
542 | | SecurityFunctionTableW* SEC_ENTRY sspi_InitSecurityInterfaceW(void) |
543 | 0 | { |
544 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
545 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "InitSecurityInterfaceW"); |
546 | 0 | return g_SspiW; |
547 | 0 | } |
548 | | |
549 | | SecurityFunctionTableA* SEC_ENTRY sspi_InitSecurityInterfaceA(void) |
550 | 0 | { |
551 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
552 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "InitSecurityInterfaceA"); |
553 | 0 | return g_SspiA; |
554 | 0 | } |
555 | | |
556 | | SECURITY_STATUS SEC_ENTRY sspi_QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName, |
557 | | PSecPkgInfoW* ppPackageInfo) |
558 | 0 | { |
559 | 0 | SECURITY_STATUS status = 0; |
560 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
561 | |
|
562 | 0 | if (!(g_SspiW && g_SspiW->QuerySecurityPackageInfoW)) |
563 | 0 | { |
564 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
565 | |
|
566 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
567 | 0 | } |
568 | | |
569 | 0 | status = g_SspiW->QuerySecurityPackageInfoW(pszPackageName, ppPackageInfo); |
570 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "QuerySecurityPackageInfoW: %s (0x%08" PRIX32 ")", |
571 | 0 | GetSecurityStatusString(status), status); |
572 | 0 | return status; |
573 | 0 | } |
574 | | |
575 | | SECURITY_STATUS SEC_ENTRY sspi_QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName, |
576 | | PSecPkgInfoA* ppPackageInfo) |
577 | 0 | { |
578 | 0 | SECURITY_STATUS status = 0; |
579 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
580 | |
|
581 | 0 | if (!(g_SspiA && g_SspiA->QuerySecurityPackageInfoA)) |
582 | 0 | { |
583 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
584 | |
|
585 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
586 | 0 | } |
587 | | |
588 | 0 | status = g_SspiA->QuerySecurityPackageInfoA(pszPackageName, ppPackageInfo); |
589 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "QuerySecurityPackageInfoA: %s (0x%08" PRIX32 ")", |
590 | 0 | GetSecurityStatusString(status), status); |
591 | 0 | return status; |
592 | 0 | } |
593 | | |
594 | | /* Credential Management */ |
595 | | |
596 | | SECURITY_STATUS SEC_ENTRY sspi_AcquireCredentialsHandleW( |
597 | | SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID, |
598 | | void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential, |
599 | | PTimeStamp ptsExpiry) |
600 | 0 | { |
601 | 0 | SECURITY_STATUS status = 0; |
602 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
603 | |
|
604 | 0 | if (!(g_SspiW && g_SspiW->AcquireCredentialsHandleW)) |
605 | 0 | { |
606 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
607 | |
|
608 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
609 | 0 | } |
610 | | |
611 | 0 | status = g_SspiW->AcquireCredentialsHandleW(pszPrincipal, pszPackage, fCredentialUse, pvLogonID, |
612 | 0 | pAuthData, pGetKeyFn, pvGetKeyArgument, |
613 | 0 | phCredential, ptsExpiry); |
614 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "AcquireCredentialsHandleW: %s (0x%08" PRIX32 ")", |
615 | 0 | GetSecurityStatusString(status), status); |
616 | 0 | return status; |
617 | 0 | } |
618 | | |
619 | | SECURITY_STATUS SEC_ENTRY sspi_AcquireCredentialsHandleA( |
620 | | SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID, |
621 | | void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential, |
622 | | PTimeStamp ptsExpiry) |
623 | 0 | { |
624 | 0 | SECURITY_STATUS status = 0; |
625 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
626 | |
|
627 | 0 | if (!(g_SspiA && g_SspiA->AcquireCredentialsHandleA)) |
628 | 0 | { |
629 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
630 | |
|
631 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
632 | 0 | } |
633 | | |
634 | 0 | status = g_SspiA->AcquireCredentialsHandleA(pszPrincipal, pszPackage, fCredentialUse, pvLogonID, |
635 | 0 | pAuthData, pGetKeyFn, pvGetKeyArgument, |
636 | 0 | phCredential, ptsExpiry); |
637 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "AcquireCredentialsHandleA: %s (0x%08" PRIX32 ")", |
638 | 0 | GetSecurityStatusString(status), status); |
639 | 0 | return status; |
640 | 0 | } |
641 | | |
642 | | SECURITY_STATUS SEC_ENTRY sspi_ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags, |
643 | | PSecBuffer pPackedContext, HANDLE* pToken) |
644 | 0 | { |
645 | 0 | SECURITY_STATUS status = 0; |
646 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
647 | |
|
648 | 0 | if (!(g_SspiW && g_SspiW->ExportSecurityContext)) |
649 | 0 | { |
650 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
651 | |
|
652 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
653 | 0 | } |
654 | | |
655 | 0 | status = g_SspiW->ExportSecurityContext(phContext, fFlags, pPackedContext, pToken); |
656 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "ExportSecurityContext: %s (0x%08" PRIX32 ")", |
657 | 0 | GetSecurityStatusString(status), status); |
658 | 0 | return status; |
659 | 0 | } |
660 | | |
661 | | SECURITY_STATUS SEC_ENTRY sspi_FreeCredentialsHandle(PCredHandle phCredential) |
662 | 0 | { |
663 | 0 | SECURITY_STATUS status = 0; |
664 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
665 | |
|
666 | 0 | if (!(g_SspiW && g_SspiW->FreeCredentialsHandle)) |
667 | 0 | { |
668 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
669 | |
|
670 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
671 | 0 | } |
672 | | |
673 | 0 | status = g_SspiW->FreeCredentialsHandle(phCredential); |
674 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "FreeCredentialsHandle: %s (0x%08" PRIX32 ")", |
675 | 0 | GetSecurityStatusString(status), status); |
676 | 0 | return status; |
677 | 0 | } |
678 | | |
679 | | SECURITY_STATUS SEC_ENTRY sspi_ImportSecurityContextW(SEC_WCHAR* pszPackage, |
680 | | PSecBuffer pPackedContext, HANDLE pToken, |
681 | | PCtxtHandle phContext) |
682 | 0 | { |
683 | 0 | SECURITY_STATUS status = 0; |
684 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
685 | |
|
686 | 0 | if (!(g_SspiW && g_SspiW->ImportSecurityContextW)) |
687 | 0 | { |
688 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
689 | |
|
690 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
691 | 0 | } |
692 | | |
693 | 0 | status = g_SspiW->ImportSecurityContextW(pszPackage, pPackedContext, pToken, phContext); |
694 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "ImportSecurityContextW: %s (0x%08" PRIX32 ")", |
695 | 0 | GetSecurityStatusString(status), status); |
696 | 0 | return status; |
697 | 0 | } |
698 | | |
699 | | SECURITY_STATUS SEC_ENTRY sspi_ImportSecurityContextA(SEC_CHAR* pszPackage, |
700 | | PSecBuffer pPackedContext, HANDLE pToken, |
701 | | PCtxtHandle phContext) |
702 | 0 | { |
703 | 0 | SECURITY_STATUS status = 0; |
704 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
705 | |
|
706 | 0 | if (!(g_SspiA && g_SspiA->ImportSecurityContextA)) |
707 | 0 | { |
708 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
709 | |
|
710 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
711 | 0 | } |
712 | | |
713 | 0 | status = g_SspiA->ImportSecurityContextA(pszPackage, pPackedContext, pToken, phContext); |
714 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "ImportSecurityContextA: %s (0x%08" PRIX32 ")", |
715 | 0 | GetSecurityStatusString(status), status); |
716 | 0 | return status; |
717 | 0 | } |
718 | | |
719 | | SECURITY_STATUS SEC_ENTRY sspi_QueryCredentialsAttributesW(PCredHandle phCredential, |
720 | | ULONG ulAttribute, void* pBuffer) |
721 | 0 | { |
722 | 0 | SECURITY_STATUS status = 0; |
723 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
724 | |
|
725 | 0 | if (!(g_SspiW && g_SspiW->QueryCredentialsAttributesW)) |
726 | 0 | { |
727 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
728 | |
|
729 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
730 | 0 | } |
731 | | |
732 | 0 | status = g_SspiW->QueryCredentialsAttributesW(phCredential, ulAttribute, pBuffer); |
733 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "QueryCredentialsAttributesW: %s (0x%08" PRIX32 ")", |
734 | 0 | GetSecurityStatusString(status), status); |
735 | 0 | return status; |
736 | 0 | } |
737 | | |
738 | | SECURITY_STATUS SEC_ENTRY sspi_QueryCredentialsAttributesA(PCredHandle phCredential, |
739 | | ULONG ulAttribute, void* pBuffer) |
740 | 0 | { |
741 | 0 | SECURITY_STATUS status = 0; |
742 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
743 | |
|
744 | 0 | if (!(g_SspiA && g_SspiA->QueryCredentialsAttributesA)) |
745 | 0 | { |
746 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
747 | |
|
748 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
749 | 0 | } |
750 | | |
751 | 0 | status = g_SspiA->QueryCredentialsAttributesA(phCredential, ulAttribute, pBuffer); |
752 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "QueryCredentialsAttributesA: %s (0x%08" PRIX32 ")", |
753 | 0 | GetSecurityStatusString(status), status); |
754 | 0 | return status; |
755 | 0 | } |
756 | | |
757 | | /* Context Management */ |
758 | | |
759 | | SECURITY_STATUS SEC_ENTRY sspi_AcceptSecurityContext(PCredHandle phCredential, |
760 | | PCtxtHandle phContext, PSecBufferDesc pInput, |
761 | | ULONG fContextReq, ULONG TargetDataRep, |
762 | | PCtxtHandle phNewContext, |
763 | | PSecBufferDesc pOutput, PULONG pfContextAttr, |
764 | | PTimeStamp ptsTimeStamp) |
765 | 0 | { |
766 | 0 | SECURITY_STATUS status = 0; |
767 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
768 | |
|
769 | 0 | if (!(g_SspiW && g_SspiW->AcceptSecurityContext)) |
770 | 0 | { |
771 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
772 | |
|
773 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
774 | 0 | } |
775 | | |
776 | 0 | status = |
777 | 0 | g_SspiW->AcceptSecurityContext(phCredential, phContext, pInput, fContextReq, TargetDataRep, |
778 | 0 | phNewContext, pOutput, pfContextAttr, ptsTimeStamp); |
779 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "AcceptSecurityContext: %s (0x%08" PRIX32 ")", |
780 | 0 | GetSecurityStatusString(status), status); |
781 | 0 | return status; |
782 | 0 | } |
783 | | |
784 | | SECURITY_STATUS SEC_ENTRY sspi_ApplyControlToken(PCtxtHandle phContext, PSecBufferDesc pInput) |
785 | 0 | { |
786 | 0 | SECURITY_STATUS status = 0; |
787 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
788 | |
|
789 | 0 | if (!(g_SspiW && g_SspiW->ApplyControlToken)) |
790 | 0 | { |
791 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
792 | |
|
793 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
794 | 0 | } |
795 | | |
796 | 0 | status = g_SspiW->ApplyControlToken(phContext, pInput); |
797 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "ApplyControlToken: %s (0x%08" PRIX32 ")", |
798 | 0 | GetSecurityStatusString(status), status); |
799 | 0 | return status; |
800 | 0 | } |
801 | | |
802 | | SECURITY_STATUS SEC_ENTRY sspi_CompleteAuthToken(PCtxtHandle phContext, PSecBufferDesc pToken) |
803 | 0 | { |
804 | 0 | SECURITY_STATUS status = 0; |
805 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
806 | |
|
807 | 0 | if (!(g_SspiW && g_SspiW->CompleteAuthToken)) |
808 | 0 | { |
809 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
810 | |
|
811 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
812 | 0 | } |
813 | | |
814 | 0 | status = g_SspiW->CompleteAuthToken(phContext, pToken); |
815 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "CompleteAuthToken: %s (0x%08" PRIX32 ")", |
816 | 0 | GetSecurityStatusString(status), status); |
817 | 0 | return status; |
818 | 0 | } |
819 | | |
820 | | SECURITY_STATUS SEC_ENTRY sspi_DeleteSecurityContext(PCtxtHandle phContext) |
821 | 0 | { |
822 | 0 | SECURITY_STATUS status = 0; |
823 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
824 | |
|
825 | 0 | if (!(g_SspiW && g_SspiW->DeleteSecurityContext)) |
826 | 0 | { |
827 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
828 | |
|
829 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
830 | 0 | } |
831 | | |
832 | 0 | status = g_SspiW->DeleteSecurityContext(phContext); |
833 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "DeleteSecurityContext: %s (0x%08" PRIX32 ")", |
834 | 0 | GetSecurityStatusString(status), status); |
835 | 0 | return status; |
836 | 0 | } |
837 | | |
838 | | SECURITY_STATUS SEC_ENTRY sspi_FreeContextBuffer(void* pvContextBuffer) |
839 | 0 | { |
840 | 0 | SECURITY_STATUS status = 0; |
841 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
842 | |
|
843 | 0 | if (!(g_SspiW && g_SspiW->FreeContextBuffer)) |
844 | 0 | { |
845 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
846 | |
|
847 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
848 | 0 | } |
849 | | |
850 | 0 | status = g_SspiW->FreeContextBuffer(pvContextBuffer); |
851 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "FreeContextBuffer: %s (0x%08" PRIX32 ")", |
852 | 0 | GetSecurityStatusString(status), status); |
853 | 0 | return status; |
854 | 0 | } |
855 | | |
856 | | SECURITY_STATUS SEC_ENTRY sspi_ImpersonateSecurityContext(PCtxtHandle phContext) |
857 | 0 | { |
858 | 0 | SECURITY_STATUS status = 0; |
859 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
860 | |
|
861 | 0 | if (!(g_SspiW && g_SspiW->ImpersonateSecurityContext)) |
862 | 0 | { |
863 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
864 | |
|
865 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
866 | 0 | } |
867 | | |
868 | 0 | status = g_SspiW->ImpersonateSecurityContext(phContext); |
869 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "ImpersonateSecurityContext: %s (0x%08" PRIX32 ")", |
870 | 0 | GetSecurityStatusString(status), status); |
871 | 0 | return status; |
872 | 0 | } |
873 | | |
874 | | SECURITY_STATUS SEC_ENTRY sspi_InitializeSecurityContextW( |
875 | | PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq, |
876 | | ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, |
877 | | PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry) |
878 | 0 | { |
879 | 0 | SECURITY_STATUS status = 0; |
880 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
881 | |
|
882 | 0 | if (!(g_SspiW && g_SspiW->InitializeSecurityContextW)) |
883 | 0 | { |
884 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
885 | |
|
886 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
887 | 0 | } |
888 | | |
889 | 0 | status = g_SspiW->InitializeSecurityContextW( |
890 | 0 | phCredential, phContext, pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput, |
891 | 0 | Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry); |
892 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "InitializeSecurityContextW: %s (0x%08" PRIX32 ")", |
893 | 0 | GetSecurityStatusString(status), status); |
894 | 0 | return status; |
895 | 0 | } |
896 | | |
897 | | SECURITY_STATUS SEC_ENTRY sspi_InitializeSecurityContextA( |
898 | | PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq, |
899 | | ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, |
900 | | PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry) |
901 | 0 | { |
902 | 0 | SECURITY_STATUS status = 0; |
903 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
904 | |
|
905 | 0 | if (!(g_SspiA && g_SspiA->InitializeSecurityContextA)) |
906 | 0 | { |
907 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
908 | |
|
909 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
910 | 0 | } |
911 | | |
912 | 0 | status = g_SspiA->InitializeSecurityContextA( |
913 | 0 | phCredential, phContext, pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput, |
914 | 0 | Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry); |
915 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "InitializeSecurityContextA: %s (0x%08" PRIX32 ")", |
916 | 0 | GetSecurityStatusString(status), status); |
917 | 0 | return status; |
918 | 0 | } |
919 | | |
920 | | SECURITY_STATUS SEC_ENTRY sspi_QueryContextAttributesW(PCtxtHandle phContext, ULONG ulAttribute, |
921 | | void* pBuffer) |
922 | 0 | { |
923 | 0 | SECURITY_STATUS status = 0; |
924 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
925 | |
|
926 | 0 | if (!(g_SspiW && g_SspiW->QueryContextAttributesW)) |
927 | 0 | { |
928 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
929 | |
|
930 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
931 | 0 | } |
932 | | |
933 | 0 | status = g_SspiW->QueryContextAttributesW(phContext, ulAttribute, pBuffer); |
934 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "QueryContextAttributesW: %s (0x%08" PRIX32 ")", |
935 | 0 | GetSecurityStatusString(status), status); |
936 | 0 | return status; |
937 | 0 | } |
938 | | |
939 | | SECURITY_STATUS SEC_ENTRY sspi_QueryContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, |
940 | | void* pBuffer) |
941 | 0 | { |
942 | 0 | SECURITY_STATUS status = 0; |
943 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
944 | |
|
945 | 0 | if (!(g_SspiA && g_SspiA->QueryContextAttributesA)) |
946 | 0 | { |
947 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
948 | |
|
949 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
950 | 0 | } |
951 | | |
952 | 0 | status = g_SspiA->QueryContextAttributesA(phContext, ulAttribute, pBuffer); |
953 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "QueryContextAttributesA: %s (0x%08" PRIX32 ")", |
954 | 0 | GetSecurityStatusString(status), status); |
955 | 0 | return status; |
956 | 0 | } |
957 | | |
958 | | SECURITY_STATUS SEC_ENTRY sspi_QuerySecurityContextToken(PCtxtHandle phContext, HANDLE* phToken) |
959 | 0 | { |
960 | 0 | SECURITY_STATUS status = 0; |
961 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
962 | |
|
963 | 0 | if (!(g_SspiW && g_SspiW->QuerySecurityContextToken)) |
964 | 0 | { |
965 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
966 | |
|
967 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
968 | 0 | } |
969 | | |
970 | 0 | status = g_SspiW->QuerySecurityContextToken(phContext, phToken); |
971 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "QuerySecurityContextToken: %s (0x%08" PRIX32 ")", |
972 | 0 | GetSecurityStatusString(status), status); |
973 | 0 | return status; |
974 | 0 | } |
975 | | |
976 | | SECURITY_STATUS SEC_ENTRY sspi_SetContextAttributesW(PCtxtHandle phContext, ULONG ulAttribute, |
977 | | void* pBuffer, ULONG cbBuffer) |
978 | 0 | { |
979 | 0 | SECURITY_STATUS status = 0; |
980 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
981 | |
|
982 | 0 | if (!(g_SspiW && g_SspiW->SetContextAttributesW)) |
983 | 0 | { |
984 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
985 | |
|
986 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
987 | 0 | } |
988 | | |
989 | 0 | status = g_SspiW->SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer); |
990 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "SetContextAttributesW: %s (0x%08" PRIX32 ")", |
991 | 0 | GetSecurityStatusString(status), status); |
992 | 0 | return status; |
993 | 0 | } |
994 | | |
995 | | SECURITY_STATUS SEC_ENTRY sspi_SetContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, |
996 | | void* pBuffer, ULONG cbBuffer) |
997 | 0 | { |
998 | 0 | SECURITY_STATUS status = 0; |
999 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
1000 | |
|
1001 | 0 | if (!(g_SspiA && g_SspiA->SetContextAttributesA)) |
1002 | 0 | { |
1003 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
1004 | |
|
1005 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
1006 | 0 | } |
1007 | | |
1008 | 0 | status = g_SspiA->SetContextAttributesA(phContext, ulAttribute, pBuffer, cbBuffer); |
1009 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "SetContextAttributesA: %s (0x%08" PRIX32 ")", |
1010 | 0 | GetSecurityStatusString(status), status); |
1011 | 0 | return status; |
1012 | 0 | } |
1013 | | |
1014 | | SECURITY_STATUS SEC_ENTRY sspi_RevertSecurityContext(PCtxtHandle phContext) |
1015 | 0 | { |
1016 | 0 | SECURITY_STATUS status = 0; |
1017 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
1018 | |
|
1019 | 0 | if (!(g_SspiW && g_SspiW->RevertSecurityContext)) |
1020 | 0 | { |
1021 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
1022 | |
|
1023 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
1024 | 0 | } |
1025 | | |
1026 | 0 | status = g_SspiW->RevertSecurityContext(phContext); |
1027 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "RevertSecurityContext: %s (0x%08" PRIX32 ")", |
1028 | 0 | GetSecurityStatusString(status), status); |
1029 | 0 | return status; |
1030 | 0 | } |
1031 | | |
1032 | | /* Message Support */ |
1033 | | |
1034 | | SECURITY_STATUS SEC_ENTRY sspi_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, |
1035 | | ULONG MessageSeqNo, PULONG pfQOP) |
1036 | 0 | { |
1037 | 0 | SECURITY_STATUS status = 0; |
1038 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
1039 | |
|
1040 | 0 | if (!(g_SspiW && g_SspiW->DecryptMessage)) |
1041 | 0 | { |
1042 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
1043 | |
|
1044 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
1045 | 0 | } |
1046 | | |
1047 | 0 | status = g_SspiW->DecryptMessage(phContext, pMessage, MessageSeqNo, pfQOP); |
1048 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "DecryptMessage: %s (0x%08" PRIX32 ")", |
1049 | 0 | GetSecurityStatusString(status), status); |
1050 | 0 | return status; |
1051 | 0 | } |
1052 | | |
1053 | | SECURITY_STATUS SEC_ENTRY sspi_EncryptMessage(PCtxtHandle phContext, ULONG fQOP, |
1054 | | PSecBufferDesc pMessage, ULONG MessageSeqNo) |
1055 | 0 | { |
1056 | 0 | SECURITY_STATUS status = 0; |
1057 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
1058 | |
|
1059 | 0 | if (!(g_SspiW && g_SspiW->EncryptMessage)) |
1060 | 0 | { |
1061 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
1062 | |
|
1063 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
1064 | 0 | } |
1065 | | |
1066 | 0 | status = g_SspiW->EncryptMessage(phContext, fQOP, pMessage, MessageSeqNo); |
1067 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "EncryptMessage: %s (0x%08" PRIX32 ")", |
1068 | 0 | GetSecurityStatusString(status), status); |
1069 | 0 | return status; |
1070 | 0 | } |
1071 | | |
1072 | | SECURITY_STATUS SEC_ENTRY sspi_MakeSignature(PCtxtHandle phContext, ULONG fQOP, |
1073 | | PSecBufferDesc pMessage, ULONG MessageSeqNo) |
1074 | 0 | { |
1075 | 0 | SECURITY_STATUS status = 0; |
1076 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
1077 | |
|
1078 | 0 | if (!(g_SspiW && g_SspiW->MakeSignature)) |
1079 | 0 | { |
1080 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
1081 | |
|
1082 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
1083 | 0 | } |
1084 | | |
1085 | 0 | status = g_SspiW->MakeSignature(phContext, fQOP, pMessage, MessageSeqNo); |
1086 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "MakeSignature: %s (0x%08" PRIX32 ")", |
1087 | 0 | GetSecurityStatusString(status), status); |
1088 | 0 | return status; |
1089 | 0 | } |
1090 | | |
1091 | | SECURITY_STATUS SEC_ENTRY sspi_VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, |
1092 | | ULONG MessageSeqNo, PULONG pfQOP) |
1093 | 0 | { |
1094 | 0 | SECURITY_STATUS status = 0; |
1095 | 0 | InitOnceExecuteOnce(&g_Initialized, InitializeSspiModuleInt, NULL, NULL); |
1096 | |
|
1097 | 0 | if (!(g_SspiW && g_SspiW->VerifySignature)) |
1098 | 0 | { |
1099 | 0 | WLog_Print(g_Log, WLOG_WARN, "Security module does not provide an implementation"); |
1100 | |
|
1101 | 0 | return SEC_E_UNSUPPORTED_FUNCTION; |
1102 | 0 | } |
1103 | | |
1104 | 0 | status = g_SspiW->VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP); |
1105 | 0 | WLog_Print(g_Log, WLOG_DEBUG, "VerifySignature: %s (0x%08" PRIX32 ")", |
1106 | 0 | GetSecurityStatusString(status), status); |
1107 | 0 | return status; |
1108 | 0 | } |
1109 | | |
1110 | | WINPR_PRAGMA_DIAG_POP |
1111 | | |
1112 | | void sspi_FreeAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity) |
1113 | 29.9k | { |
1114 | 29.9k | if (!identity) |
1115 | 0 | return; |
1116 | 29.9k | free(identity->User); |
1117 | 29.9k | identity->UserLength = (UINT32)0; |
1118 | 29.9k | identity->User = NULL; |
1119 | | |
1120 | 29.9k | free(identity->Domain); |
1121 | 29.9k | identity->DomainLength = (UINT32)0; |
1122 | 29.9k | identity->Domain = NULL; |
1123 | | |
1124 | 29.9k | if (identity->PasswordLength > 0) |
1125 | 0 | memset(identity->Password, 0, identity->PasswordLength); |
1126 | 29.9k | free(identity->Password); |
1127 | 29.9k | identity->Password = NULL; |
1128 | 29.9k | identity->PasswordLength = (UINT32)0; |
1129 | 29.9k | } |