FreeRDP
kerberos.c File Reference
#include <winpr/config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <ctype.h>
#include <winpr/assert.h>
#include <winpr/crt.h>
#include <winpr/sspi.h>
#include <winpr/print.h>
#include <winpr/tchar.h>
#include <winpr/sysinfo.h>
#include <winpr/registry.h>
#include "kerberos.h"
#include "../sspi.h"
#include "../../log.h"

Macros

#define TAG   WINPR_TAG("sspi.Kerberos")
 

Functions

static KRB_CONTEXT * kerberos_ContextNew (void)
 
static void kerberos_ContextFree (KRB_CONTEXT *context)
 
static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA (SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse, void *pvLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
 
static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleW (SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse, void *pvLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
 
static SECURITY_STATUS SEC_ENTRY kerberos_FreeCredentialsHandle (PCredHandle phCredential)
 
static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesW (PCredHandle phCredential, ULONG ulAttribute, void *pBuffer)
 
static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA (PCredHandle phCredential, ULONG ulAttribute, void *pBuffer)
 
static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA (PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
 
static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextW (PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
 
static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext (PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpity)
 
static SECURITY_STATUS SEC_ENTRY kerberos_DeleteSecurityContext (PCtxtHandle phContext)
 
static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesA (PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
 
static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesW (PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
 
static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage (PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
 
static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage (PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG *pfQOP)
 
static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature (PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
 
static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature (PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG *pfQOP)
 

Variables

static const char * KRB_PACKAGE_NAME = "Kerberos"
 
const SecPkgInfoA KERBEROS_SecPkgInfoA
 
static WCHAR KERBEROS_SecPkgInfoW_Name [] = { 'K', 'e', 'r', 'b', 'e', 'r', 'o', 's', '\0' }
 
static WCHAR KERBEROS_SecPkgInfoW_Comment []
 
const SecPkgInfoW KERBEROS_SecPkgInfoW
 
static sspi_gss_OID_desc g_SSPI_GSS_C_SPNEGO_KRB5
 
static sspi_gss_OID SSPI_GSS_C_SPNEGO_KRB5 = &g_SSPI_GSS_C_SPNEGO_KRB5
 
const SecurityFunctionTableA KERBEROS_SecurityFunctionTableA
 
const SecurityFunctionTableW KERBEROS_SecurityFunctionTableW
 

Macro Definition Documentation

◆ TAG

#define TAG   WINPR_TAG("sspi.Kerberos")

FreeRDP: A Remote Desktop Protocol Client
Kerberos Auth Protocol

Copyright 2015 ANSSI, Author Thomas Calderon
Copyright 2017 Dorian Ducournau doria.nosp@m.n.du.nosp@m.courn.nosp@m.au@g.nosp@m.mail..nosp@m.com
Copyright 2022 David Fort conta.nosp@m.ct@h.nosp@m.arden.nosp@m.ing-.nosp@m.consu.nosp@m.ltin.nosp@m.g.com

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Function Documentation

◆ kerberos_AcceptSecurityContext()

static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext ( PCredHandle  phCredential,
PCtxtHandle  phContext,
PSecBufferDesc  pInput,
ULONG  fContextReq,
ULONG  TargetDataRep,
PCtxtHandle  phNewContext,
PSecBufferDesc  pOutput,
ULONG *  pfContextAttr,
PTimeStamp  ptsExpity 
)
static

◆ kerberos_AcquireCredentialsHandleA()

static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA ( SEC_CHAR *  pszPrincipal,
SEC_CHAR *  pszPackage,
ULONG  fCredentialUse,
void *  pvLogonID,
void *  pAuthData,
SEC_GET_KEY_FN  pGetKeyFn,
void *  pvGetKeyArgument,
PCredHandle  phCredential,
PTimeStamp  ptsExpiry 
)
static

◆ kerberos_AcquireCredentialsHandleW()

static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleW ( SEC_WCHAR *  pszPrincipal,
SEC_WCHAR *  pszPackage,
ULONG  fCredentialUse,
void *  pvLogonID,
void *  pAuthData,
SEC_GET_KEY_FN  pGetKeyFn,
void *  pvGetKeyArgument,
PCredHandle  phCredential,
PTimeStamp  ptsExpiry 
)
static

◆ kerberos_ContextFree()

static void kerberos_ContextFree ( KRB_CONTEXT *  context)
static

◆ kerberos_ContextNew()

static KRB_CONTEXT* kerberos_ContextNew ( void  )
static

◆ kerberos_DecryptMessage()

static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage ( PCtxtHandle  phContext,
PSecBufferDesc  pMessage,
ULONG  MessageSeqNo,
ULONG *  pfQOP 
)
static

◆ kerberos_DeleteSecurityContext()

static SECURITY_STATUS SEC_ENTRY kerberos_DeleteSecurityContext ( PCtxtHandle  phContext)
static

◆ kerberos_EncryptMessage()

static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage ( PCtxtHandle  phContext,
ULONG  fQOP,
PSecBufferDesc  pMessage,
ULONG  MessageSeqNo 
)
static

◆ kerberos_FreeCredentialsHandle()

static SECURITY_STATUS SEC_ENTRY kerberos_FreeCredentialsHandle ( PCredHandle  phCredential)
static

◆ kerberos_InitializeSecurityContextA()

static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA ( PCredHandle  phCredential,
PCtxtHandle  phContext,
SEC_CHAR *  pszTargetName,
ULONG  fContextReq,
ULONG  Reserved1,
ULONG  TargetDataRep,
PSecBufferDesc  pInput,
ULONG  Reserved2,
PCtxtHandle  phNewContext,
PSecBufferDesc  pOutput,
ULONG *  pfContextAttr,
PTimeStamp  ptsExpiry 
)
static

◆ kerberos_InitializeSecurityContextW()

static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextW ( PCredHandle  phCredential,
PCtxtHandle  phContext,
SEC_WCHAR *  pszTargetName,
ULONG  fContextReq,
ULONG  Reserved1,
ULONG  TargetDataRep,
PSecBufferDesc  pInput,
ULONG  Reserved2,
PCtxtHandle  phNewContext,
PSecBufferDesc  pOutput,
ULONG *  pfContextAttr,
PTimeStamp  ptsExpiry 
)
static

◆ kerberos_MakeSignature()

static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature ( PCtxtHandle  phContext,
ULONG  fQOP,
PSecBufferDesc  pMessage,
ULONG  MessageSeqNo 
)
static

◆ kerberos_QueryContextAttributesA()

static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesA ( PCtxtHandle  phContext,
ULONG  ulAttribute,
void *  pBuffer 
)
static

◆ kerberos_QueryContextAttributesW()

static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesW ( PCtxtHandle  phContext,
ULONG  ulAttribute,
void *  pBuffer 
)
static

◆ kerberos_QueryCredentialsAttributesA()

static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA ( PCredHandle  phCredential,
ULONG  ulAttribute,
void *  pBuffer 
)
static

◆ kerberos_QueryCredentialsAttributesW()

static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesW ( PCredHandle  phCredential,
ULONG  ulAttribute,
void *  pBuffer 
)
static

◆ kerberos_VerifySignature()

static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature ( PCtxtHandle  phContext,
PSecBufferDesc  pMessage,
ULONG  MessageSeqNo,
ULONG *  pfQOP 
)
static

Variable Documentation

◆ g_SSPI_GSS_C_SPNEGO_KRB5

sspi_gss_OID_desc g_SSPI_GSS_C_SPNEGO_KRB5
static
Initial value:
= {
9, (void*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" /* length 9, then the DER-encoded OID 1.2.840.113554.1.2.2 (Kerberos V5 GSS-API mechanism) */
}

◆ KERBEROS_SecPkgInfoA

const SecPkgInfoA KERBEROS_SecPkgInfoA
Initial value:
= {
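0x000F3BBF, /* fCapabilities */
1, /* wVersion */
0x0010, /* wRPCID (16, the value of RPC_C_AUTHN_GSS_KERBEROS) */
0x0000BB80, /* cbMaxToken: 48000 bytes */
"Kerberos", /* Name */
"Kerberos Security Package" /* Comment */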
}

◆ KERBEROS_SecPkgInfoW

const SecPkgInfoW KERBEROS_SecPkgInfoW
Initial value:
= {
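0x000F3BBF, /* fCapabilities */
1, /* wVersion */
0x0010, /* wRPCID (16, the value of RPC_C_AUTHN_GSS_KERBEROS) */
0x0000BB80, /* cbMaxToken: 48000 bytes */
/* the Name and Comment initializers are not shown in this rendering */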
}

◆ KERBEROS_SecPkgInfoW_Comment

WCHAR KERBEROS_SecPkgInfoW_Comment[]
static
Initial value:
= { 'K', 'e', 'r', 'b', 'e', 'r', 'o', 's', ' ',
'S', 'e', 'c', 'u', 'r', 'i', 't', 'y', ' ',
'P', 'a', 'c', 'k', 'a', 'g', 'e', '\0' }

◆ KERBEROS_SecPkgInfoW_Name

WCHAR KERBEROS_SecPkgInfoW_Name[] = { 'K', 'e', 'r', 'b', 'e', 'r', 'o', 's', '\0' }
static

◆ KERBEROS_SecurityFunctionTableA

◆ KERBEROS_SecurityFunctionTableW

◆ KRB_PACKAGE_NAME

const char* KRB_PACKAGE_NAME = "Kerberos"
static

◆ SSPI_GSS_C_SPNEGO_KRB5

sspi_gss_OID SSPI_GSS_C_SPNEGO_KRB5 = &g_SSPI_GSS_C_SPNEGO_KRB5
static
kerberos_QueryCredentialsAttributesA
static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA(PCredHandle phCredential, ULONG ulAttribute, void *pBuffer)
Definition: kerberos.c:479
kerberos_InitializeSecurityContextA
static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
Definition: kerberos.c:486
kerberos_InitializeSecurityContextW
static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextW(PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
Definition: kerberos.c:591
kerberos_FreeCredentialsHandle
static SECURITY_STATUS SEC_ENTRY kerberos_FreeCredentialsHandle(PCredHandle phCredential)
Definition: kerberos.c:449
kerberos_VerifySignature
static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG *pfQOP)
Definition: kerberos.c:939
kerberos_MakeSignature
static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
Definition: kerberos.c:895
KERBEROS_SecPkgInfoW_Comment
static WCHAR KERBEROS_SecPkgInfoW_Comment[]
Definition: kerberos.c:69
kerberos_EncryptMessage
static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
Definition: kerberos.c:749
kerberos_AcquireCredentialsHandleA
static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA(SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse, void *pvLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
Definition: kerberos.c:168
KERBEROS_SecPkgInfoW_Name
static WCHAR KERBEROS_SecPkgInfoW_Name[]
Definition: kerberos.c:67
kerberos_DeleteSecurityContext
static SECURITY_STATUS SEC_ENTRY kerberos_DeleteSecurityContext(PCtxtHandle phContext)
Definition: kerberos.c:690
kerberos_AcquireCredentialsHandleW
static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleW(SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse, void *pvLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
Definition: kerberos.c:423
kerberos_QueryCredentialsAttributesW
static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesW(PCredHandle phCredential, ULONG ulAttribute, void *pBuffer)
Definition: kerberos.c:466
kerberos_QueryContextAttributesA
static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
Definition: kerberos.c:702
kerberos_AcceptSecurityContext
static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpity)
Definition: kerberos.c:612
kerberos_DecryptMessage
static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG *pfQOP)
Definition: kerberos.c:835
kerberos_QueryContextAttributesW
static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesW(PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
Definition: kerberos.c:743