/src/FreeRDP/winpr/libwinpr/sspicli/sspicli.c

Source
/**
 * WinPR: Windows Portable Runtime
 * Security Support Provider Interface
 *
 * Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <winpr/config.h>

#include <winpr/assert.h>
#include <winpr/sspicli.h>

/**
 * sspicli.dll:
 *
 * EnumerateSecurityPackagesA
 * EnumerateSecurityPackagesW
 * GetUserNameExW
 * ImportSecurityContextA
 * LogonUser
 * LogonUserEx
 * LogonUserExExW
 * SspiCompareAuthIdentities
 * SspiCopyAuthIdentity
 * SspiDecryptAuthIdentity
 * SspiEncodeAuthIdentityAsStrings
 * SspiEncodeStringsAsAuthIdentity
 * SspiEncryptAuthIdentity
 * SspiExcludePackage
 * SspiFreeAuthIdentity
 * SspiGetTargetHostName
 * SspiIsAuthIdentityEncrypted
 * SspiLocalFree
 * SspiMarshalAuthIdentity
 * SspiPrepareForCredRead
 * SspiPrepareForCredWrite
 * SspiUnmarshalAuthIdentity
 * SspiValidateAuthIdentity
 * SspiZeroAuthIdentity
 */

#ifndef _WIN32

#include <winpr/crt.h>

#ifdef WINPR_HAVE_UNISTD_H
#include <unistd.h>
#endif

#if defined(WINPR_HAVE_GETPWUID_R)
#include <sys/types.h>
#endif

#include <pthread.h>

#include <pwd.h>
#include <grp.h>

#include "../handle/handle.h"

#include "../security/security.h"

static BOOL LogonUserCloseHandle(HANDLE handle);

static BOOL LogonUserIsHandled(HANDLE handle)
{
  return WINPR_HANDLE_IS_HANDLED(handle, HANDLE_TYPE_ACCESS_TOKEN, FALSE);
}

static int LogonUserGetFd(HANDLE handle)
{
  WINPR_ACCESS_TOKEN* pLogonUser = (WINPR_ACCESS_TOKEN*)handle;

  if (!LogonUserIsHandled(handle))
    return -1;

  /* TODO: File fd not supported */
  (void)pLogonUser;
  return -1;
}

BOOL LogonUserCloseHandle(HANDLE handle)
{
  WINPR_ACCESS_TOKEN* token = (WINPR_ACCESS_TOKEN*)handle;

  if (!handle || !LogonUserIsHandled(handle))
    return FALSE;

  free(token->Username);
  free(token->Domain);
  free(token);
  return TRUE;
}

static HANDLE_OPS ops = { LogonUserIsHandled,
                        LogonUserCloseHandle,
                        LogonUserGetFd,
                        NULL, /* CleanupHandle */
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL,
                        NULL };

BOOL LogonUserA(LPCSTR lpszUsername, LPCSTR lpszDomain, WINPR_ATTR_UNUSED LPCSTR lpszPassword,
                WINPR_ATTR_UNUSED DWORD dwLogonType, WINPR_ATTR_UNUSED DWORD dwLogonProvider,
                PHANDLE phToken)
{
  if (!lpszUsername)
    return FALSE;

  WINPR_ACCESS_TOKEN* token = (WINPR_ACCESS_TOKEN*)calloc(1, sizeof(WINPR_ACCESS_TOKEN));

  if (!token)
    return FALSE;

  WINPR_HANDLE_SET_TYPE_AND_MODE(token, HANDLE_TYPE_ACCESS_TOKEN, WINPR_FD_READ);
  token->common.ops = &ops;
  token->Username = _strdup(lpszUsername);

  if (!token->Username)
    goto fail;

  if (lpszDomain)
  {
    token->Domain = _strdup(lpszDomain);

    if (!token->Domain)
      goto fail;
  }

  {
    long buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
    if (buflen < 0)
      buflen = 8196;

    {
      const size_t s = 1ULL + (size_t)buflen;
      char* buf = (char*)calloc(s, sizeof(char));
      if (!buf)
        goto fail;

      {
        struct passwd pwd = { 0 };
        struct passwd* pw = NULL;
        const int rc = getpwnam_r(lpszUsername, &pwd, buf,
                                  WINPR_ASSERTING_INT_CAST(size_t, buflen), &pw);
        free(buf);
        if ((rc == 0) && pw)
        {
          token->UserId = (DWORD)pw->pw_uid;
          token->GroupId = (DWORD)pw->pw_gid;
        }

        *((ULONG_PTR*)phToken) = (ULONG_PTR)token;
        return TRUE;
      }
    }
  }
fail:
  free(token->Username);
  free(token->Domain);
  free(token);
  return FALSE;
}

BOOL LogonUserW(WINPR_ATTR_UNUSED LPCWSTR lpszUsername, WINPR_ATTR_UNUSED LPCWSTR lpszDomain,
                WINPR_ATTR_UNUSED LPCWSTR lpszPassword, WINPR_ATTR_UNUSED DWORD dwLogonType,
                WINPR_ATTR_UNUSED DWORD dwLogonProvider, WINPR_ATTR_UNUSED PHANDLE phToken)
{
  WLog_ERR("TODO", "TODO: implement");
  return TRUE;
}

BOOL LogonUserExA(WINPR_ATTR_UNUSED LPCSTR lpszUsername, WINPR_ATTR_UNUSED LPCSTR lpszDomain,
                  WINPR_ATTR_UNUSED LPCSTR lpszPassword, WINPR_ATTR_UNUSED DWORD dwLogonType,
                  WINPR_ATTR_UNUSED DWORD dwLogonProvider, WINPR_ATTR_UNUSED PHANDLE phToken,
                  WINPR_ATTR_UNUSED PSID* ppLogonSid, WINPR_ATTR_UNUSED PVOID* ppProfileBuffer,
                  WINPR_ATTR_UNUSED LPDWORD pdwProfileLength,
                  WINPR_ATTR_UNUSED PQUOTA_LIMITS pQuotaLimits)
{
  WLog_ERR("TODO", "TODO: implement");
  return TRUE;
}

BOOL LogonUserExW(WINPR_ATTR_UNUSED LPCWSTR lpszUsername, WINPR_ATTR_UNUSED LPCWSTR lpszDomain,
                  WINPR_ATTR_UNUSED LPCWSTR lpszPassword, WINPR_ATTR_UNUSED DWORD dwLogonType,
                  WINPR_ATTR_UNUSED DWORD dwLogonProvider, WINPR_ATTR_UNUSED PHANDLE phToken,
                  WINPR_ATTR_UNUSED PSID* ppLogonSid, WINPR_ATTR_UNUSED PVOID* ppProfileBuffer,
                  WINPR_ATTR_UNUSED LPDWORD pdwProfileLength,
                  WINPR_ATTR_UNUSED PQUOTA_LIMITS pQuotaLimits)
{
  WLog_ERR("TODO", "TODO: implement");
  return TRUE;
}

BOOL GetUserNameExA(EXTENDED_NAME_FORMAT NameFormat, LPSTR lpNameBuffer, PULONG nSize)
{
  WINPR_ASSERT(lpNameBuffer);
  WINPR_ASSERT(nSize);

  switch (NameFormat)
  {
    case NameSamCompatible:
#if defined(WINPR_HAVE_GETPWUID_R)
    {
      int rc = 0;
      struct passwd pwd = { 0 };
      struct passwd* result = NULL;
      uid_t uid = getuid();

      rc = getpwuid_r(uid, &pwd, lpNameBuffer, *nSize, &result);
      if (rc != 0)
        return FALSE;
      if (result == NULL)
        return FALSE;
    }
#elif defined(WINPR_HAVE_GETLOGIN_R)
      if (getlogin_r(lpNameBuffer, *nSize) != 0)
        return FALSE;
#else
    {
      const char* name = getlogin();
      if (!name)
        return FALSE;
      strncpy(lpNameBuffer, name, strnlen(name, *nSize));
    }
#endif
      {
        const size_t len = strnlen(lpNameBuffer, *nSize);
        if (len > UINT32_MAX)
          return FALSE;
        *nSize = (ULONG)len;
      }
      return TRUE;

    case NameFullyQualifiedDN:
    case NameDisplay:
    case NameUniqueId:
    case NameCanonical:
    case NameUserPrincipal:
    case NameCanonicalEx:
    case NameServicePrincipal:
    case NameDnsDomain:
      break;

    default:
      break;
  }

  return FALSE;
}

BOOL GetUserNameExW(EXTENDED_NAME_FORMAT NameFormat, LPWSTR lpNameBuffer, PULONG nSize)
{
  BOOL rc = FALSE;
  char* name = NULL;

  WINPR_ASSERT(nSize);
  WINPR_ASSERT(lpNameBuffer);

  name = calloc(1, *nSize + 1);
  if (!name)
    goto fail;

  if (!GetUserNameExA(NameFormat, name, nSize))
    goto fail;

  {
    const SSIZE_T res = ConvertUtf8ToWChar(name, lpNameBuffer, *nSize);
    if ((res < 0) || (res >= UINT32_MAX))
      goto fail;

    *nSize = (UINT32)res + 1;
  }
  rc = TRUE;
fail:
  free(name);
  return rc;
}

#endif

Coverage Report

Created: 2026-01-09 06:49

Line	Count	Source
1		/**
2		* WinPR: Windows Portable Runtime
3		* Security Support Provider Interface
4		*
5		* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
6		*
7		* Licensed under the Apache License, Version 2.0 (the "License");
8		* you may not use this file except in compliance with the License.
9		* You may obtain a copy of the License at
10		*
11		* http://www.apache.org/licenses/LICENSE-2.0
12		*
13		* Unless required by applicable law or agreed to in writing, software
14		* distributed under the License is distributed on an "AS IS" BASIS,
15		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16		* See the License for the specific language governing permissions and
17		* limitations under the License.
18		*/
19
20		#include <winpr/config.h>
21
22		#include <winpr/assert.h>
23		#include <winpr/sspicli.h>
24
25		/**
26		* sspicli.dll:
27		*
28		* EnumerateSecurityPackagesA
29		* EnumerateSecurityPackagesW
30		* GetUserNameExW
31		* ImportSecurityContextA
32		* LogonUser
33		* LogonUserEx
34		* LogonUserExExW
35		* SspiCompareAuthIdentities
36		* SspiCopyAuthIdentity
37		* SspiDecryptAuthIdentity
38		* SspiEncodeAuthIdentityAsStrings
39		* SspiEncodeStringsAsAuthIdentity
40		* SspiEncryptAuthIdentity
41		* SspiExcludePackage
42		* SspiFreeAuthIdentity
43		* SspiGetTargetHostName
44		* SspiIsAuthIdentityEncrypted
45		* SspiLocalFree
46		* SspiMarshalAuthIdentity
47		* SspiPrepareForCredRead
48		* SspiPrepareForCredWrite
49		* SspiUnmarshalAuthIdentity
50		* SspiValidateAuthIdentity
51		* SspiZeroAuthIdentity
52		*/
53
54		#ifndef _WIN32
55
56		#include <winpr/crt.h>
57
58		#ifdef WINPR_HAVE_UNISTD_H
59		#include <unistd.h>
60		#endif
61
62		#if defined(WINPR_HAVE_GETPWUID_R)
63		#include <sys/types.h>
64		#endif
65
66		#include <pthread.h>
67
68		#include <pwd.h>
69		#include <grp.h>
70
71		#include "../handle/handle.h"
72
73		#include "../security/security.h"
74
75		static BOOL LogonUserCloseHandle(HANDLE handle);
76
77		static BOOL LogonUserIsHandled(HANDLE handle)
78	0	{
79	0	return WINPR_HANDLE_IS_HANDLED(handle, HANDLE_TYPE_ACCESS_TOKEN, FALSE);
80	0	}
81
82		static int LogonUserGetFd(HANDLE handle)
83	0	{
84	0	WINPR_ACCESS_TOKEN* pLogonUser = (WINPR_ACCESS_TOKEN*)handle;
85
86	0	if (!LogonUserIsHandled(handle))
87	0	return -1;
88
89		/* TODO: File fd not supported */
90	0	(void)pLogonUser;
91	0	return -1;
92	0	}
93
94		BOOL LogonUserCloseHandle(HANDLE handle)
95	0	{
96	0	WINPR_ACCESS_TOKEN* token = (WINPR_ACCESS_TOKEN*)handle;
97
98	0	if (!handle \|\| !LogonUserIsHandled(handle))
99	0	return FALSE;
100
101	0	free(token->Username);
102	0	free(token->Domain);
103	0	free(token);
104	0	return TRUE;
105	0	}
106
107		static HANDLE_OPS ops = { LogonUserIsHandled,
108		LogonUserCloseHandle,
109		LogonUserGetFd,
110		NULL, /* CleanupHandle */
111		NULL,
112		NULL,
113		NULL,
114		NULL,
115		NULL,
116		NULL,
117		NULL,
118		NULL,
119		NULL,
120		NULL,
121		NULL,
122		NULL,
123		NULL,
124		NULL,
125		NULL,
126		NULL,
127		NULL };
128
129		BOOL LogonUserA(LPCSTR lpszUsername, LPCSTR lpszDomain, WINPR_ATTR_UNUSED LPCSTR lpszPassword,
130		WINPR_ATTR_UNUSED DWORD dwLogonType, WINPR_ATTR_UNUSED DWORD dwLogonProvider,
131		PHANDLE phToken)
132	0	{
133	0	if (!lpszUsername)
134	0	return FALSE;
135
136	0	WINPR_ACCESS_TOKEN* token = (WINPR_ACCESS_TOKEN*)calloc(1, sizeof(WINPR_ACCESS_TOKEN));
137
138	0	if (!token)
139	0	return FALSE;
140
141	0	WINPR_HANDLE_SET_TYPE_AND_MODE(token, HANDLE_TYPE_ACCESS_TOKEN, WINPR_FD_READ);
142	0	token->common.ops = &ops;
143	0	token->Username = _strdup(lpszUsername);
144
145	0	if (!token->Username)
146	0	goto fail;
147
148	0	if (lpszDomain)
149	0	{
150	0	token->Domain = _strdup(lpszDomain);
151
152	0	if (!token->Domain)
153	0	goto fail;
154	0	}
155
156	0	{
157	0	long buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
158	0	if (buflen < 0)
159	0	buflen = 8196;
160
161	0	{
162	0	const size_t s = 1ULL + (size_t)buflen;
163	0	char* buf = (char*)calloc(s, sizeof(char));
164	0	if (!buf)
165	0	goto fail;
166
167	0	{
168	0	struct passwd pwd = { 0 };
169	0	struct passwd* pw = NULL;
170	0	const int rc = getpwnam_r(lpszUsername, &pwd, buf,
171	0	WINPR_ASSERTING_INT_CAST(size_t, buflen), &pw);
172	0	free(buf);
173	0	if ((rc == 0) && pw)
174	0	{
175	0	token->UserId = (DWORD)pw->pw_uid;
176	0	token->GroupId = (DWORD)pw->pw_gid;
177	0	}
178
179	0	((ULONG_PTR)phToken) = (ULONG_PTR)token;
180	0	return TRUE;
181	0	}
182	0	}
183	0	}
184	0	fail:
185	0	free(token->Username);
186	0	free(token->Domain);
187	0	free(token);
188	0	return FALSE;
189	0	}
190
191		BOOL LogonUserW(WINPR_ATTR_UNUSED LPCWSTR lpszUsername, WINPR_ATTR_UNUSED LPCWSTR lpszDomain,
192		WINPR_ATTR_UNUSED LPCWSTR lpszPassword, WINPR_ATTR_UNUSED DWORD dwLogonType,
193		WINPR_ATTR_UNUSED DWORD dwLogonProvider, WINPR_ATTR_UNUSED PHANDLE phToken)
194	0	{
195	0	WLog_ERR("TODO", "TODO: implement");
196	0	return TRUE;
197	0	}
198
199		BOOL LogonUserExA(WINPR_ATTR_UNUSED LPCSTR lpszUsername, WINPR_ATTR_UNUSED LPCSTR lpszDomain,
200		WINPR_ATTR_UNUSED LPCSTR lpszPassword, WINPR_ATTR_UNUSED DWORD dwLogonType,
201		WINPR_ATTR_UNUSED DWORD dwLogonProvider, WINPR_ATTR_UNUSED PHANDLE phToken,
202		WINPR_ATTR_UNUSED PSID* ppLogonSid, WINPR_ATTR_UNUSED PVOID* ppProfileBuffer,
203		WINPR_ATTR_UNUSED LPDWORD pdwProfileLength,
204		WINPR_ATTR_UNUSED PQUOTA_LIMITS pQuotaLimits)
205	0	{
206	0	WLog_ERR("TODO", "TODO: implement");
207	0	return TRUE;
208	0	}
209
210		BOOL LogonUserExW(WINPR_ATTR_UNUSED LPCWSTR lpszUsername, WINPR_ATTR_UNUSED LPCWSTR lpszDomain,
211		WINPR_ATTR_UNUSED LPCWSTR lpszPassword, WINPR_ATTR_UNUSED DWORD dwLogonType,
212		WINPR_ATTR_UNUSED DWORD dwLogonProvider, WINPR_ATTR_UNUSED PHANDLE phToken,
213		WINPR_ATTR_UNUSED PSID* ppLogonSid, WINPR_ATTR_UNUSED PVOID* ppProfileBuffer,
214		WINPR_ATTR_UNUSED LPDWORD pdwProfileLength,
215		WINPR_ATTR_UNUSED PQUOTA_LIMITS pQuotaLimits)
216	0	{
217	0	WLog_ERR("TODO", "TODO: implement");
218	0	return TRUE;
219	0	}
220
221		BOOL GetUserNameExA(EXTENDED_NAME_FORMAT NameFormat, LPSTR lpNameBuffer, PULONG nSize)
222	0	{
223	0	WINPR_ASSERT(lpNameBuffer);
224	0	WINPR_ASSERT(nSize);
225
226	0	switch (NameFormat)
227	0	{
228	0	case NameSamCompatible:
229	0	#if defined(WINPR_HAVE_GETPWUID_R)
230	0	{
231	0	int rc = 0;
232	0	struct passwd pwd = { 0 };
233	0	struct passwd* result = NULL;
234	0	uid_t uid = getuid();
235
236	0	rc = getpwuid_r(uid, &pwd, lpNameBuffer, *nSize, &result);
237	0	if (rc != 0)
238	0	return FALSE;
239	0	if (result == NULL)
240	0	return FALSE;
241	0	}
242		#elif defined(WINPR_HAVE_GETLOGIN_R)
243		if (getlogin_r(lpNameBuffer, *nSize) != 0)
244		return FALSE;
245		#else
246		{
247		const char* name = getlogin();
248		if (!name)
249		return FALSE;
250		strncpy(lpNameBuffer, name, strnlen(name, *nSize));
251		}
252		#endif
253	0	{
254	0	const size_t len = strnlen(lpNameBuffer, *nSize);
255	0	if (len > UINT32_MAX)
256	0	return FALSE;
257	0	*nSize = (ULONG)len;
258	0	}
259	0	return TRUE;
260
261	0	case NameFullyQualifiedDN:
262	0	case NameDisplay:
263	0	case NameUniqueId:
264	0	case NameCanonical:
265	0	case NameUserPrincipal:
266	0	case NameCanonicalEx:
267	0	case NameServicePrincipal:
268	0	case NameDnsDomain:
269	0	break;
270
271	0	default:
272	0	break;
273	0	}
274
275	0	return FALSE;
276	0	}
277
278		BOOL GetUserNameExW(EXTENDED_NAME_FORMAT NameFormat, LPWSTR lpNameBuffer, PULONG nSize)
279	0	{
280	0	BOOL rc = FALSE;
281	0	char* name = NULL;
282
283	0	WINPR_ASSERT(nSize);
284	0	WINPR_ASSERT(lpNameBuffer);
285
286	0	name = calloc(1, *nSize + 1);
287	0	if (!name)
288	0	goto fail;
289
290	0	if (!GetUserNameExA(NameFormat, name, nSize))
291	0	goto fail;
292
293	0	{
294	0	const SSIZE_T res = ConvertUtf8ToWChar(name, lpNameBuffer, *nSize);
295	0	if ((res < 0) \|\| (res >= UINT32_MAX))
296	0	goto fail;
297
298	0	*nSize = (UINT32)res + 1;
299	0	}
300	0	rc = TRUE;
301	0	fail:
302	0	free(name);
303	0	return rc;
304	0	}
305
306		#endif