kerberos.c File Reference

#include <winpr/config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <ctype.h>
#include <winpr/assert.h>
#include <winpr/crt.h>
#include <winpr/sspi.h>
#include <winpr/print.h>
#include <winpr/tchar.h>
#include <winpr/sysinfo.h>
#include <winpr/registry.h>
#include "kerberos.h"
#include "../sspi.h"
#include "../../log.h"

Macros
#define	TAG   WINPR_TAG("sspi.Kerberos")

Functions
static KRB_CONTEXT *	kerberos_ContextNew (void)
static void	kerberos_ContextFree (KRB_CONTEXT *context)
static SECURITY_STATUS SEC_ENTRY	kerberos_AcquireCredentialsHandleA (SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse, void *pvLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
static SECURITY_STATUS SEC_ENTRY	kerberos_AcquireCredentialsHandleW (SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse, void *pvLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
static SECURITY_STATUS SEC_ENTRY	kerberos_FreeCredentialsHandle (PCredHandle phCredential)
static SECURITY_STATUS SEC_ENTRY	kerberos_QueryCredentialsAttributesW (PCredHandle phCredential, ULONG ulAttribute, void *pBuffer)
static SECURITY_STATUS SEC_ENTRY	kerberos_QueryCredentialsAttributesA (PCredHandle phCredential, ULONG ulAttribute, void *pBuffer)
static SECURITY_STATUS SEC_ENTRY	kerberos_InitializeSecurityContextA (PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
static SECURITY_STATUS SEC_ENTRY	kerberos_InitializeSecurityContextW (PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
static SECURITY_STATUS SEC_ENTRY	kerberos_AcceptSecurityContext (PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpity)
static SECURITY_STATUS SEC_ENTRY	kerberos_DeleteSecurityContext (PCtxtHandle phContext)
static SECURITY_STATUS SEC_ENTRY	kerberos_QueryContextAttributesA (PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
static SECURITY_STATUS SEC_ENTRY	kerberos_QueryContextAttributesW (PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
static SECURITY_STATUS SEC_ENTRY	kerberos_EncryptMessage (PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
static SECURITY_STATUS SEC_ENTRY	kerberos_DecryptMessage (PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG *pfQOP)
static SECURITY_STATUS SEC_ENTRY	kerberos_MakeSignature (PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
static SECURITY_STATUS SEC_ENTRY	kerberos_VerifySignature (PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG *pfQOP)

Variables
static const char *	KRB_PACKAGE_NAME = "Kerberos"
const SecPkgInfoA	KERBEROS_SecPkgInfoA
static WCHAR	KERBEROS_SecPkgInfoW_Name [] = { 'K', 'e', 'r', 'b', 'e', 'r', 'o', 's', '\0' }
static WCHAR	KERBEROS_SecPkgInfoW_Comment []
const SecPkgInfoW	KERBEROS_SecPkgInfoW
static sspi_gss_OID_desc	g_SSPI_GSS_C_SPNEGO_KRB5
static sspi_gss_OID	SSPI_GSS_C_SPNEGO_KRB5 = &g_SSPI_GSS_C_SPNEGO_KRB5
const SecurityFunctionTableA	KERBEROS_SecurityFunctionTableA
const SecurityFunctionTableW	KERBEROS_SecurityFunctionTableW

Macro Definition Documentation

TAG

#define TAG   WINPR_TAG("sspi.Kerberos")

FreeRDP: A Remote Desktop Protocol Client Kerberos Auth Protocol

Copyright 2015 ANSSI, Author Thomas Calderon Copyright 2017 Dorian Ducournau doria.nosp@m.n.du.nosp@m.courn.nosp@m.au@g.nosp@m.mail..nosp@m.com Copyright 2022 David Fort conta.nosp@m.ct@h.nosp@m.arden.nosp@m.ing-.nosp@m.consu.nosp@m.ltin.nosp@m.g.com

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Function Documentation

kerberos_AcceptSecurityContext()

static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext ( PCredHandle  phCredential, PCtxtHandle  phContext, PSecBufferDesc  pInput, ULONG  fContextReq, ULONG  TargetDataRep, PCtxtHandle  phNewContext, PSecBufferDesc  pOutput, ULONG *  pfContextAttr, PTimeStamp  ptsExpity  )

static

Here is the call graph for this function:

kerberos_AcquireCredentialsHandleA()

static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA ( SEC_CHAR *  pszPrincipal, SEC_CHAR *  pszPackage, ULONG  fCredentialUse, void *  pvLogonID, void *  pAuthData, SEC_GET_KEY_FN  pGetKeyFn, void *  pvGetKeyArgument, PCredHandle  phCredential, PTimeStamp  ptsExpiry  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

kerberos_AcquireCredentialsHandleW()

static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleW ( SEC_WCHAR *  pszPrincipal, SEC_WCHAR *  pszPackage, ULONG  fCredentialUse, void *  pvLogonID, void *  pAuthData, SEC_GET_KEY_FN  pGetKeyFn, void *  pvGetKeyArgument, PCredHandle  phCredential, PTimeStamp  ptsExpiry  )

static

Here is the call graph for this function:

kerberos_ContextFree()

static void kerberos_ContextFree ( KRB_CONTEXT *  context )

static

Here is the call graph for this function:

Here is the caller graph for this function:

kerberos_ContextNew()

static KRB_CONTEXT* kerberos_ContextNew ( void  )

static

Here is the caller graph for this function:

kerberos_DecryptMessage()

static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage ( PCtxtHandle  phContext, PSecBufferDesc  pMessage, ULONG  MessageSeqNo, ULONG *  pfQOP  )

static

Here is the call graph for this function:

kerberos_DeleteSecurityContext()

static SECURITY_STATUS SEC_ENTRY kerberos_DeleteSecurityContext ( PCtxtHandle  phContext )

static

Here is the call graph for this function:

kerberos_EncryptMessage()

static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage ( PCtxtHandle  phContext, ULONG  fQOP, PSecBufferDesc  pMessage, ULONG  MessageSeqNo  )

static

Here is the call graph for this function:

kerberos_FreeCredentialsHandle()

static SECURITY_STATUS SEC_ENTRY kerberos_FreeCredentialsHandle ( PCredHandle  phCredential )

static

Here is the call graph for this function:

kerberos_InitializeSecurityContextA()

static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA ( PCredHandle  phCredential, PCtxtHandle  phContext, SEC_CHAR *  pszTargetName, ULONG  fContextReq, ULONG  Reserved1, ULONG  TargetDataRep, PSecBufferDesc  pInput, ULONG  Reserved2, PCtxtHandle  phNewContext, PSecBufferDesc  pOutput, ULONG *  pfContextAttr, PTimeStamp  ptsExpiry  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

kerberos_InitializeSecurityContextW()

static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextW ( PCredHandle  phCredential, PCtxtHandle  phContext, SEC_WCHAR *  pszTargetName, ULONG  fContextReq, ULONG  Reserved1, ULONG  TargetDataRep, PSecBufferDesc  pInput, ULONG  Reserved2, PCtxtHandle  phNewContext, PSecBufferDesc  pOutput, ULONG *  pfContextAttr, PTimeStamp  ptsExpiry  )

static

Here is the call graph for this function:

kerberos_MakeSignature()

static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature ( PCtxtHandle  phContext, ULONG  fQOP, PSecBufferDesc  pMessage, ULONG  MessageSeqNo  )

static

Here is the call graph for this function:

kerberos_QueryContextAttributesA()

static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesA ( PCtxtHandle  phContext, ULONG  ulAttribute, void *  pBuffer  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

kerberos_QueryContextAttributesW()

static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesW ( PCtxtHandle  phContext, ULONG  ulAttribute, void *  pBuffer  )

static

Here is the call graph for this function:

kerberos_QueryCredentialsAttributesA()

static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA ( PCredHandle  phCredential, ULONG  ulAttribute, void *  pBuffer  )

static

Here is the call graph for this function:

kerberos_QueryCredentialsAttributesW()

static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesW ( PCredHandle  phCredential, ULONG  ulAttribute, void *  pBuffer  )

static

Here is the caller graph for this function:

kerberos_VerifySignature()

static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature ( PCtxtHandle  phContext, PSecBufferDesc  pMessage, ULONG  MessageSeqNo, ULONG *  pfQOP  )

static

Here is the call graph for this function:

Variable Documentation

g_SSPI_GSS_C_SPNEGO_KRB5

sspi_gss_OID_desc g_SSPI_GSS_C_SPNEGO_KRB5

static

Initial value:

= {
        9, (void*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"
}

KERBEROS_SecPkgInfoA

const SecPkgInfoA KERBEROS_SecPkgInfoA

Initial value:

= {
        0x000F3BBF,                 
        1,                          
        0x0010,                     
        0x0000BB80,                 
        "Kerberos",                 
        "Kerberos Security Package" 
}

KERBEROS_SecPkgInfoW

const SecPkgInfoW KERBEROS_SecPkgInfoW

Initial value:

= {
        0x000F3BBF,                  
        1,                           
        0x0010,                      
        0x0000BB80,                  
        KERBEROS_SecPkgInfoW_Name,   
        KERBEROS_SecPkgInfoW_Comment 
}

KERBEROS_SecPkgInfoW_Comment

WCHAR KERBEROS_SecPkgInfoW_Comment[]

static

Initial value:

= { 'K', 'e', 'r', 'b', 'e', 'r', 'o', 's', ' ',
                                                    'S', 'e', 'c', 'u', 'r', 'i', 't', 'y', ' ',
                                                    'P', 'a', 'c', 'k', 'a', 'g', 'e', '\0' }

KERBEROS_SecPkgInfoW_Name

WCHAR KERBEROS_SecPkgInfoW_Name[] = { 'K', 'e', 'r', 'b', 'e', 'r', 'o', 's', '\0' }

static

KERBEROS_SecurityFunctionTableA

const SecurityFunctionTableA KERBEROS_SecurityFunctionTableA

Initial value:

= {
        1,                                    
        NULL,                                 
        kerberos_QueryCredentialsAttributesA, 
        kerberos_AcquireCredentialsHandleA,   
        kerberos_FreeCredentialsHandle,       
        NULL,                                 
        kerberos_InitializeSecurityContextA,  
        kerberos_AcceptSecurityContext,       
        NULL,                                 
        kerberos_DeleteSecurityContext,       
        NULL,                                 
        kerberos_QueryContextAttributesA,     
        NULL,                                 
        NULL,                                 
        kerberos_MakeSignature,               
        kerberos_VerifySignature,             
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        kerberos_EncryptMessage,              
        kerberos_DecryptMessage,              
        NULL,                                 
}

KERBEROS_SecurityFunctionTableW

const SecurityFunctionTableW KERBEROS_SecurityFunctionTableW

Initial value:

= {
        1,                                    
        NULL,                                 
        kerberos_QueryCredentialsAttributesW, 
        kerberos_AcquireCredentialsHandleW,   
        kerberos_FreeCredentialsHandle,       
        NULL,                                 
        kerberos_InitializeSecurityContextW,  
        kerberos_AcceptSecurityContext,       
        NULL,                                 
        kerberos_DeleteSecurityContext,       
        NULL,                                 
        kerberos_QueryContextAttributesW,     
        NULL,                                 
        NULL,                                 
        kerberos_MakeSignature,               
        kerberos_VerifySignature,             
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        NULL,                                 
        kerberos_EncryptMessage,              
        kerberos_DecryptMessage,              
        NULL,                                 
}

KRB_PACKAGE_NAME

const char* KRB_PACKAGE_NAME = "Kerberos"

static

SSPI_GSS_C_SPNEGO_KRB5

sspi_gss_OID SSPI_GSS_C_SPNEGO_KRB5 = &g_SSPI_GSS_C_SPNEGO_KRB5

static