FreeRDP
Loading...
Searching...
No Matches
sspi_winpr.c
1
21#include <winpr/config.h>
22#include <winpr/assert.h>
23#include <winpr/windows.h>
24
25#include <winpr/crt.h>
26#include <winpr/sspi.h>
27#include <winpr/ssl.h>
28#include <winpr/print.h>
29
30#include "sspi.h"
31
32#include "sspi_winpr.h"
33
34#include "../log.h"
35#define TAG WINPR_TAG("sspi")
36
37/* Authentication Functions: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731/ */
38
39#include "NTLM/ntlm.h"
40#include "NTLM/ntlm_export.h"
41#include "CredSSP/credssp.h"
42#include "Kerberos/kerberos.h"
43#include "Negotiate/negotiate.h"
44#include "Schannel/schannel.h"
45
46static const SecPkgInfoA* SecPkgInfoA_LIST[] = { &NTLM_SecPkgInfoA, &KERBEROS_SecPkgInfoA,
47 &NEGOTIATE_SecPkgInfoA, &CREDSSP_SecPkgInfoA,
48 &SCHANNEL_SecPkgInfoA };
49
50static const SecPkgInfoW* SecPkgInfoW_LIST[] = { &NTLM_SecPkgInfoW, &KERBEROS_SecPkgInfoW,
51 &NEGOTIATE_SecPkgInfoW, &CREDSSP_SecPkgInfoW,
52 &SCHANNEL_SecPkgInfoW };
53
54typedef struct
55{
56 const SEC_CHAR* Name;
57 const SecurityFunctionTableA* SecurityFunctionTable;
58} SecurityFunctionTableA_NAME;
59
60typedef struct
61{
62 const SEC_WCHAR* Name;
63 const SecurityFunctionTableW* SecurityFunctionTable;
64} SecurityFunctionTableW_NAME;
65
66static const SecurityFunctionTableA_NAME SecurityFunctionTableA_NAME_LIST[] = {
67 { "NTLM", &NTLM_SecurityFunctionTableA },
68 { "Kerberos", &KERBEROS_SecurityFunctionTableA },
69 { "Negotiate", &NEGOTIATE_SecurityFunctionTableA },
70 { "CREDSSP", &CREDSSP_SecurityFunctionTableA },
71 { "Schannel", &SCHANNEL_SecurityFunctionTableA }
72};
73
74static WCHAR BUFFER_NAME_LIST_W[5][32] = { 0 };
75
76static const SecurityFunctionTableW_NAME SecurityFunctionTableW_NAME_LIST[] = {
77 { BUFFER_NAME_LIST_W[0], &NTLM_SecurityFunctionTableW },
78 { BUFFER_NAME_LIST_W[1], &KERBEROS_SecurityFunctionTableW },
79 { BUFFER_NAME_LIST_W[2], &NEGOTIATE_SecurityFunctionTableW },
80 { BUFFER_NAME_LIST_W[3], &CREDSSP_SecurityFunctionTableW },
81 { BUFFER_NAME_LIST_W[4], &SCHANNEL_SecurityFunctionTableW }
82};
83
84typedef struct
85{
86 void* contextBuffer;
87 UINT32 allocatorIndex;
88} CONTEXT_BUFFER_ALLOC_ENTRY;
89
90typedef struct
91{
92 UINT32 cEntries;
93 UINT32 cMaxEntries;
94 CONTEXT_BUFFER_ALLOC_ENTRY* entries;
95} CONTEXT_BUFFER_ALLOC_TABLE;
96
97static CONTEXT_BUFFER_ALLOC_TABLE ContextBufferAllocTable = { 0 };
98
99static int sspi_ContextBufferAllocTableNew(void)
100{
101 size_t size = 0;
102 ContextBufferAllocTable.entries = NULL;
103 ContextBufferAllocTable.cEntries = 0;
104 ContextBufferAllocTable.cMaxEntries = 4;
105 size = sizeof(CONTEXT_BUFFER_ALLOC_ENTRY) * ContextBufferAllocTable.cMaxEntries;
106 ContextBufferAllocTable.entries = (CONTEXT_BUFFER_ALLOC_ENTRY*)calloc(1, size);
107
108 if (!ContextBufferAllocTable.entries)
109 return -1;
110
111 return 1;
112}
113
114static int sspi_ContextBufferAllocTableGrow(void)
115{
116 size_t size = 0;
117 CONTEXT_BUFFER_ALLOC_ENTRY* entries = NULL;
118 ContextBufferAllocTable.cEntries = 0;
119 ContextBufferAllocTable.cMaxEntries *= 2;
120 size = sizeof(CONTEXT_BUFFER_ALLOC_ENTRY) * ContextBufferAllocTable.cMaxEntries;
121
122 if (!size)
123 return -1;
124
125 entries = (CONTEXT_BUFFER_ALLOC_ENTRY*)realloc(ContextBufferAllocTable.entries, size);
126
127 if (!entries)
128 {
129 free(ContextBufferAllocTable.entries);
130 return -1;
131 }
132
133 ContextBufferAllocTable.entries = entries;
134 ZeroMemory((void*)&ContextBufferAllocTable.entries[ContextBufferAllocTable.cMaxEntries / 2],
135 size / 2);
136 return 1;
137}
138
139static void sspi_ContextBufferAllocTableFree(void)
140{
141 if (ContextBufferAllocTable.cEntries != 0)
142 WLog_ERR(TAG, "ContextBufferAllocTable.entries == %" PRIu32,
143 ContextBufferAllocTable.cEntries);
144
145 ContextBufferAllocTable.cEntries = ContextBufferAllocTable.cMaxEntries = 0;
146 free(ContextBufferAllocTable.entries);
147 ContextBufferAllocTable.entries = NULL;
148}
149
150static void* sspi_ContextBufferAlloc(UINT32 allocatorIndex, size_t size)
151{
152 void* contextBuffer = NULL;
153
154 for (UINT32 index = 0; index < ContextBufferAllocTable.cMaxEntries; index++)
155 {
156 if (!ContextBufferAllocTable.entries[index].contextBuffer)
157 {
158 contextBuffer = calloc(1, size);
159
160 if (!contextBuffer)
161 return NULL;
162
163 ContextBufferAllocTable.cEntries++;
164 ContextBufferAllocTable.entries[index].contextBuffer = contextBuffer;
165 ContextBufferAllocTable.entries[index].allocatorIndex = allocatorIndex;
166 return ContextBufferAllocTable.entries[index].contextBuffer;
167 }
168 }
169
170 /* no available entry was found, the table needs to be grown */
171
172 if (sspi_ContextBufferAllocTableGrow() < 0)
173 return NULL;
174
175 /* the next call to sspi_ContextBufferAlloc() should now succeed */
176 return sspi_ContextBufferAlloc(allocatorIndex, size);
177}
178
179SSPI_CREDENTIALS* sspi_CredentialsNew(void)
180{
181 SSPI_CREDENTIALS* credentials = NULL;
182 credentials = (SSPI_CREDENTIALS*)calloc(1, sizeof(SSPI_CREDENTIALS));
183 return credentials;
184}
185
186void sspi_CredentialsFree(SSPI_CREDENTIALS* credentials)
187{
188 size_t userLength = 0;
189 size_t domainLength = 0;
190 size_t passwordLength = 0;
191
192 if (!credentials)
193 return;
194
195 if (credentials->ntlmSettings.samFile)
196 free(credentials->ntlmSettings.samFile);
197
198 userLength = credentials->identity.UserLength;
199 domainLength = credentials->identity.DomainLength;
200 passwordLength = credentials->identity.PasswordLength;
201
202 if (passwordLength > SSPI_CREDENTIALS_HASH_LENGTH_OFFSET) /* [pth] */
203 passwordLength -= SSPI_CREDENTIALS_HASH_LENGTH_OFFSET;
204
205 if (credentials->identity.Flags & SEC_WINNT_AUTH_IDENTITY_UNICODE)
206 {
207 userLength *= 2;
208 domainLength *= 2;
209 passwordLength *= 2;
210 }
211
212 if (credentials->identity.User)
213 memset(credentials->identity.User, 0, userLength);
214 if (credentials->identity.Domain)
215 memset(credentials->identity.Domain, 0, domainLength);
216 if (credentials->identity.Password)
217 memset(credentials->identity.Password, 0, passwordLength);
218 free(credentials->identity.User);
219 free(credentials->identity.Domain);
220 free(credentials->identity.Password);
221 free(credentials);
222}
223
224void* sspi_SecBufferAlloc(PSecBuffer SecBuffer, ULONG size)
225{
226 if (!SecBuffer)
227 return NULL;
228
229 SecBuffer->pvBuffer = calloc(1, size);
230
231 if (!SecBuffer->pvBuffer)
232 return NULL;
233
234 SecBuffer->cbBuffer = size;
235 return SecBuffer->pvBuffer;
236}
237
238void sspi_SecBufferFree(PSecBuffer SecBuffer)
239{
240 if (!SecBuffer)
241 return;
242
243 if (SecBuffer->pvBuffer)
244 memset(SecBuffer->pvBuffer, 0, SecBuffer->cbBuffer);
245
246 free(SecBuffer->pvBuffer);
247 SecBuffer->pvBuffer = NULL;
248 SecBuffer->cbBuffer = 0;
249}
250
251SecHandle* sspi_SecureHandleAlloc(void)
252{
253 SecHandle* handle = (SecHandle*)calloc(1, sizeof(SecHandle));
254
255 if (!handle)
256 return NULL;
257
258 SecInvalidateHandle(handle);
259 return handle;
260}
261
262void* sspi_SecureHandleGetLowerPointer(SecHandle* handle)
263{
264 void* pointer = NULL;
265
266 if (!handle || !SecIsValidHandle(handle) || !handle->dwLower)
267 return NULL;
268
269 pointer = (void*)~((size_t)handle->dwLower);
270 return pointer;
271}
272
273void sspi_SecureHandleInvalidate(SecHandle* handle)
274{
275 if (!handle)
276 return;
277
278 handle->dwLower = 0;
279 handle->dwUpper = 0;
280}
281
282void sspi_SecureHandleSetLowerPointer(SecHandle* handle, void* pointer)
283{
284 if (!handle)
285 return;
286
287 handle->dwLower = (ULONG_PTR)(~((size_t)pointer));
288}
289
290void* sspi_SecureHandleGetUpperPointer(SecHandle* handle)
291{
292 void* pointer = NULL;
293
294 if (!handle || !SecIsValidHandle(handle) || !handle->dwUpper)
295 return NULL;
296
297 pointer = (void*)~((size_t)handle->dwUpper);
298 return pointer;
299}
300
301void sspi_SecureHandleSetUpperPointer(SecHandle* handle, void* pointer)
302{
303 if (!handle)
304 return;
305
306 handle->dwUpper = (ULONG_PTR)(~((size_t)pointer));
307}
308
309void sspi_SecureHandleFree(SecHandle* handle)
310{
311 free(handle);
312}
313
314int sspi_SetAuthIdentityW(SEC_WINNT_AUTH_IDENTITY* identity, const WCHAR* user, const WCHAR* domain,
315 const WCHAR* password)
316{
317 return sspi_SetAuthIdentityWithLengthW(identity, user, user ? _wcslen(user) : 0, domain,
318 domain ? _wcslen(domain) : 0, password,
319 password ? _wcslen(password) : 0);
320}
321
322static BOOL copy(WCHAR** dst, ULONG* dstLen, const WCHAR* what, size_t len)
323{
324 WINPR_ASSERT(dst);
325 WINPR_ASSERT(dstLen);
326
327 *dst = NULL;
328 *dstLen = 0;
329
330 if (len > UINT32_MAX)
331 return FALSE;
332
333 /* Case what="" and len=0 should allocate an empty string */
334 if (!what && (len != 0))
335 return FALSE;
336 if (!what && (len == 0))
337 return TRUE;
338
339 *dst = calloc(sizeof(WCHAR), len + 1);
340 if (!*dst)
341 return FALSE;
342
343 memcpy(*dst, what, len * sizeof(WCHAR));
344 *dstLen = WINPR_ASSERTING_INT_CAST(UINT32, len);
345 return TRUE;
346}
347
348int sspi_SetAuthIdentityWithLengthW(SEC_WINNT_AUTH_IDENTITY* identity, const WCHAR* user,
349 size_t userLen, const WCHAR* domain, size_t domainLen,
350 const WCHAR* password, size_t passwordLen)
351{
352 WINPR_ASSERT(identity);
353 sspi_FreeAuthIdentity(identity);
354 identity->Flags &= (uint32_t)~SEC_WINNT_AUTH_IDENTITY_ANSI;
355 identity->Flags |= SEC_WINNT_AUTH_IDENTITY_UNICODE;
356
357 if (!copy(&identity->User, &identity->UserLength, user, userLen))
358 return -1;
359
360 if (!copy(&identity->Domain, &identity->DomainLength, domain, domainLen))
361 return -1;
362
363 if (!copy(&identity->Password, &identity->PasswordLength, password, passwordLen))
364 return -1;
365
366 return 1;
367}
368
369static void zfree(WCHAR* str, size_t len)
370{
371 if (str)
372 memset(str, 0, len * sizeof(WCHAR));
373 free(str);
374}
375
376int sspi_SetAuthIdentityA(SEC_WINNT_AUTH_IDENTITY* identity, const char* user, const char* domain,
377 const char* password)
378{
379 int rc = 0;
380 size_t unicodeUserLenW = 0;
381 size_t unicodeDomainLenW = 0;
382 size_t unicodePasswordLenW = 0;
383 LPWSTR unicodeUser = NULL;
384 LPWSTR unicodeDomain = NULL;
385 LPWSTR unicodePassword = NULL;
386
387 if (user)
388 unicodeUser = ConvertUtf8ToWCharAlloc(user, &unicodeUserLenW);
389
390 if (domain)
391 unicodeDomain = ConvertUtf8ToWCharAlloc(domain, &unicodeDomainLenW);
392
393 if (password)
394 unicodePassword = ConvertUtf8ToWCharAlloc(password, &unicodePasswordLenW);
395
396 rc = sspi_SetAuthIdentityWithLengthW(identity, unicodeUser, unicodeUserLenW, unicodeDomain,
397 unicodeDomainLenW, unicodePassword, unicodePasswordLenW);
398
399 zfree(unicodeUser, unicodeUserLenW);
400 zfree(unicodeDomain, unicodeDomainLenW);
401 zfree(unicodePassword, unicodePasswordLenW);
402 return rc;
403}
404
405UINT32 sspi_GetAuthIdentityVersion(const void* identity)
406{
407 UINT32 version = 0;
408
409 if (!identity)
410 return 0;
411
412 version = *((const UINT32*)identity);
413
414 if ((version == SEC_WINNT_AUTH_IDENTITY_VERSION) ||
415 (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2))
416 {
417 return version;
418 }
419
420 return 0; // SEC_WINNT_AUTH_IDENTITY (no version)
421}
422
423UINT32 sspi_GetAuthIdentityFlags(const void* identity)
424{
425 UINT32 version = 0;
426 UINT32 flags = 0;
427
428 if (!identity)
429 return 0;
430
431 version = sspi_GetAuthIdentityVersion(identity);
432
433 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
434 {
435 flags = ((const SEC_WINNT_AUTH_IDENTITY_EX*)identity)->Flags;
436 }
437 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
438 {
439 flags = ((const SEC_WINNT_AUTH_IDENTITY_EX2*)identity)->Flags;
440 }
441 else // SEC_WINNT_AUTH_IDENTITY
442 {
443 flags = ((const SEC_WINNT_AUTH_IDENTITY*)identity)->Flags;
444 }
445
446 return flags;
447}
448
449BOOL sspi_GetAuthIdentityUserDomainW(const void* identity, const WCHAR** pUser, UINT32* pUserLength,
450 const WCHAR** pDomain, UINT32* pDomainLength)
451{
452 UINT32 version = 0;
453
454 if (!identity)
455 return FALSE;
456
457 version = sspi_GetAuthIdentityVersion(identity);
458
459 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
460 {
461 const SEC_WINNT_AUTH_IDENTITY_EXW* id = (const SEC_WINNT_AUTH_IDENTITY_EXW*)identity;
462 *pUser = (const WCHAR*)id->User;
463 *pUserLength = id->UserLength;
464 *pDomain = (const WCHAR*)id->Domain;
465 *pDomainLength = id->DomainLength;
466 }
467 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
468 {
469 const SEC_WINNT_AUTH_IDENTITY_EX2* id = (const SEC_WINNT_AUTH_IDENTITY_EX2*)identity;
470 UINT32 UserOffset = id->UserOffset;
471 UINT32 DomainOffset = id->DomainOffset;
472 *pUser = (const WCHAR*)&((const uint8_t*)identity)[UserOffset];
473 *pUserLength = id->UserLength / 2;
474 *pDomain = (const WCHAR*)&((const uint8_t*)identity)[DomainOffset];
475 *pDomainLength = id->DomainLength / 2;
476 }
477 else // SEC_WINNT_AUTH_IDENTITY
478 {
479 const SEC_WINNT_AUTH_IDENTITY_W* id = (const SEC_WINNT_AUTH_IDENTITY_W*)identity;
480 *pUser = (const WCHAR*)id->User;
481 *pUserLength = id->UserLength;
482 *pDomain = (const WCHAR*)id->Domain;
483 *pDomainLength = id->DomainLength;
484 }
485
486 return TRUE;
487}
488
489BOOL sspi_GetAuthIdentityUserDomainA(const void* identity, const char** pUser, UINT32* pUserLength,
490 const char** pDomain, UINT32* pDomainLength)
491{
492 UINT32 version = 0;
493
494 if (!identity)
495 return FALSE;
496
497 version = sspi_GetAuthIdentityVersion(identity);
498
499 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
500 {
501 const SEC_WINNT_AUTH_IDENTITY_EXA* id = (const SEC_WINNT_AUTH_IDENTITY_EXA*)identity;
502 *pUser = (const char*)id->User;
503 *pUserLength = id->UserLength;
504 *pDomain = (const char*)id->Domain;
505 *pDomainLength = id->DomainLength;
506 }
507 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
508 {
509 const SEC_WINNT_AUTH_IDENTITY_EX2* id = (const SEC_WINNT_AUTH_IDENTITY_EX2*)identity;
510 UINT32 UserOffset = id->UserOffset;
511 UINT32 DomainOffset = id->DomainOffset;
512 *pUser = (const char*)&((const uint8_t*)identity)[UserOffset];
513 *pUserLength = id->UserLength;
514 *pDomain = (const char*)&((const uint8_t*)identity)[DomainOffset];
515 *pDomainLength = id->DomainLength;
516 }
517 else // SEC_WINNT_AUTH_IDENTITY
518 {
519 const SEC_WINNT_AUTH_IDENTITY_A* id = (const SEC_WINNT_AUTH_IDENTITY_A*)identity;
520 *pUser = (const char*)id->User;
521 *pUserLength = id->UserLength;
522 *pDomain = (const char*)id->Domain;
523 *pDomainLength = id->DomainLength;
524 }
525
526 return TRUE;
527}
528
529BOOL sspi_GetAuthIdentityPasswordW(const void* identity, const WCHAR** pPassword,
530 UINT32* pPasswordLength)
531{
532 UINT32 version = 0;
533
534 if (!identity)
535 return FALSE;
536
537 version = sspi_GetAuthIdentityVersion(identity);
538
539 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
540 {
541 const SEC_WINNT_AUTH_IDENTITY_EXW* id = (const SEC_WINNT_AUTH_IDENTITY_EXW*)identity;
542 *pPassword = (const WCHAR*)id->Password;
543 *pPasswordLength = id->PasswordLength;
544 }
545 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
546 {
547 return FALSE; // TODO: packed credentials
548 }
549 else // SEC_WINNT_AUTH_IDENTITY
550 {
551 const SEC_WINNT_AUTH_IDENTITY_W* id = (const SEC_WINNT_AUTH_IDENTITY_W*)identity;
552 *pPassword = (const WCHAR*)id->Password;
553 *pPasswordLength = id->PasswordLength;
554 }
555
556 return TRUE;
557}
558
559BOOL sspi_GetAuthIdentityPasswordA(const void* identity, const char** pPassword,
560 UINT32* pPasswordLength)
561{
562 UINT32 version = 0;
563
564 if (!identity)
565 return FALSE;
566
567 version = sspi_GetAuthIdentityVersion(identity);
568
569 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
570 {
571 const SEC_WINNT_AUTH_IDENTITY_EXA* id = (const SEC_WINNT_AUTH_IDENTITY_EXA*)identity;
572 *pPassword = (const char*)id->Password;
573 *pPasswordLength = id->PasswordLength;
574 }
575 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
576 {
577 return FALSE; // TODO: packed credentials
578 }
579 else // SEC_WINNT_AUTH_IDENTITY
580 {
581 const SEC_WINNT_AUTH_IDENTITY_A* id = (const SEC_WINNT_AUTH_IDENTITY_A*)identity;
582 *pPassword = (const char*)id->Password;
583 *pPasswordLength = id->PasswordLength;
584 }
585
586 return TRUE;
587}
588
589BOOL sspi_CopyAuthIdentityFieldsA(const SEC_WINNT_AUTH_IDENTITY_INFO* identity, char** pUser,
590 char** pDomain, char** pPassword)
591{
592 BOOL success = FALSE;
593 const char* UserA = NULL;
594 const char* DomainA = NULL;
595 const char* PasswordA = NULL;
596 const WCHAR* UserW = NULL;
597 const WCHAR* DomainW = NULL;
598 const WCHAR* PasswordW = NULL;
599 UINT32 UserLength = 0;
600 UINT32 DomainLength = 0;
601 UINT32 PasswordLength = 0;
602
603 if (!identity || !pUser || !pDomain || !pPassword)
604 return FALSE;
605
606 *pUser = *pDomain = *pPassword = NULL;
607
608 UINT32 identityFlags = sspi_GetAuthIdentityFlags(identity);
609
610 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
611 {
612 if (!sspi_GetAuthIdentityUserDomainA(identity, &UserA, &UserLength, &DomainA,
613 &DomainLength))
614 goto cleanup;
615
616 if (!sspi_GetAuthIdentityPasswordA(identity, &PasswordA, &PasswordLength))
617 goto cleanup;
618
619 if (UserA && UserLength)
620 {
621 *pUser = _strdup(UserA);
622
623 if (!(*pUser))
624 goto cleanup;
625 }
626
627 if (DomainA && DomainLength)
628 {
629 *pDomain = _strdup(DomainA);
630
631 if (!(*pDomain))
632 goto cleanup;
633 }
634
635 if (PasswordA && PasswordLength)
636 {
637 *pPassword = _strdup(PasswordA);
638
639 if (!(*pPassword))
640 goto cleanup;
641 }
642
643 success = TRUE;
644 }
645 else
646 {
647 if (!sspi_GetAuthIdentityUserDomainW(identity, &UserW, &UserLength, &DomainW,
648 &DomainLength))
649 goto cleanup;
650
651 if (!sspi_GetAuthIdentityPasswordW(identity, &PasswordW, &PasswordLength))
652 goto cleanup;
653
654 if (UserW && (UserLength > 0))
655 {
656 *pUser = ConvertWCharNToUtf8Alloc(UserW, UserLength, NULL);
657 if (!(*pUser))
658 goto cleanup;
659 }
660
661 if (DomainW && (DomainLength > 0))
662 {
663 *pDomain = ConvertWCharNToUtf8Alloc(DomainW, DomainLength, NULL);
664 if (!(*pDomain))
665 goto cleanup;
666 }
667
668 if (PasswordW && (PasswordLength > 0))
669 {
670 *pPassword = ConvertWCharNToUtf8Alloc(PasswordW, PasswordLength, NULL);
671 if (!(*pPassword))
672 goto cleanup;
673 }
674
675 success = TRUE;
676 }
677
678cleanup:
679 return success;
680}
681
682BOOL sspi_CopyAuthIdentityFieldsW(const SEC_WINNT_AUTH_IDENTITY_INFO* identity, WCHAR** pUser,
683 WCHAR** pDomain, WCHAR** pPassword)
684{
685 BOOL success = FALSE;
686 const char* UserA = NULL;
687 const char* DomainA = NULL;
688 const char* PasswordA = NULL;
689 const WCHAR* UserW = NULL;
690 const WCHAR* DomainW = NULL;
691 const WCHAR* PasswordW = NULL;
692 UINT32 UserLength = 0;
693 UINT32 DomainLength = 0;
694 UINT32 PasswordLength = 0;
695
696 if (!identity || !pUser || !pDomain || !pPassword)
697 return FALSE;
698
699 *pUser = *pDomain = *pPassword = NULL;
700
701 UINT32 identityFlags = sspi_GetAuthIdentityFlags(identity);
702
703 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
704 {
705 if (!sspi_GetAuthIdentityUserDomainA(identity, &UserA, &UserLength, &DomainA,
706 &DomainLength))
707 goto cleanup;
708
709 if (!sspi_GetAuthIdentityPasswordA(identity, &PasswordA, &PasswordLength))
710 goto cleanup;
711
712 if (UserA && (UserLength > 0))
713 {
714 WCHAR* ptr = ConvertUtf8NToWCharAlloc(UserA, UserLength, NULL);
715 *pUser = ptr;
716
717 if (!ptr)
718 goto cleanup;
719 }
720
721 if (DomainA && (DomainLength > 0))
722 {
723 WCHAR* ptr = ConvertUtf8NToWCharAlloc(DomainA, DomainLength, NULL);
724 *pDomain = ptr;
725 if (!ptr)
726 goto cleanup;
727 }
728
729 if (PasswordA && (PasswordLength > 0))
730 {
731 WCHAR* ptr = ConvertUtf8NToWCharAlloc(PasswordA, PasswordLength, NULL);
732
733 *pPassword = ptr;
734 if (!ptr)
735 goto cleanup;
736 }
737
738 success = TRUE;
739 }
740 else
741 {
742 if (!sspi_GetAuthIdentityUserDomainW(identity, &UserW, &UserLength, &DomainW,
743 &DomainLength))
744 goto cleanup;
745
746 if (!sspi_GetAuthIdentityPasswordW(identity, &PasswordW, &PasswordLength))
747 goto cleanup;
748
749 if (UserW && UserLength)
750 {
751 *pUser = _wcsdup(UserW);
752
753 if (!(*pUser))
754 goto cleanup;
755 }
756
757 if (DomainW && DomainLength)
758 {
759 *pDomain = _wcsdup(DomainW);
760
761 if (!(*pDomain))
762 goto cleanup;
763 }
764
765 if (PasswordW && PasswordLength)
766 {
767 *pPassword = _wcsdup(PasswordW);
768
769 if (!(*pPassword))
770 goto cleanup;
771 }
772
773 success = TRUE;
774 }
775
776cleanup:
777 return success;
778}
779
780BOOL sspi_CopyAuthPackageListA(const SEC_WINNT_AUTH_IDENTITY_INFO* identity, char** pPackageList)
781{
782 UINT32 version = 0;
783 UINT32 identityFlags = 0;
784 char* PackageList = NULL;
785 const char* PackageListA = NULL;
786 const WCHAR* PackageListW = NULL;
787 UINT32 PackageListLength = 0;
788 UINT32 PackageListOffset = 0;
789 const void* pAuthData = (const void*)identity;
790
791 if (!pAuthData)
792 return FALSE;
793
794 version = sspi_GetAuthIdentityVersion(pAuthData);
795 identityFlags = sspi_GetAuthIdentityFlags(pAuthData);
796
797 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
798 {
799 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
800 {
801 const SEC_WINNT_AUTH_IDENTITY_EXA* ad = (const SEC_WINNT_AUTH_IDENTITY_EXA*)pAuthData;
802 PackageListA = (const char*)ad->PackageList;
803 PackageListLength = ad->PackageListLength;
804 }
805
806 if (PackageListA && PackageListLength)
807 {
808 PackageList = _strdup(PackageListA);
809 }
810 }
811 else
812 {
813 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
814 {
815 const SEC_WINNT_AUTH_IDENTITY_EXW* ad = (const SEC_WINNT_AUTH_IDENTITY_EXW*)pAuthData;
816 PackageListW = (const WCHAR*)ad->PackageList;
817 PackageListLength = ad->PackageListLength;
818 }
819 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
820 {
821 const SEC_WINNT_AUTH_IDENTITY_EX2* ad = (const SEC_WINNT_AUTH_IDENTITY_EX2*)pAuthData;
822 PackageListOffset = ad->PackageListOffset;
823 PackageListW = (const WCHAR*)&((const uint8_t*)pAuthData)[PackageListOffset];
824 PackageListLength = ad->PackageListLength / 2;
825 }
826
827 if (PackageListW && (PackageListLength > 0))
828 PackageList = ConvertWCharNToUtf8Alloc(PackageListW, PackageListLength, NULL);
829 }
830
831 if (PackageList)
832 {
833 *pPackageList = PackageList;
834 return TRUE;
835 }
836
837 return FALSE;
838}
839
840int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity,
841 const SEC_WINNT_AUTH_IDENTITY_INFO* srcIdentity)
842{
843 int status = 0;
844 UINT32 identityFlags = 0;
845 const char* UserA = NULL;
846 const char* DomainA = NULL;
847 const char* PasswordA = NULL;
848 const WCHAR* UserW = NULL;
849 const WCHAR* DomainW = NULL;
850 const WCHAR* PasswordW = NULL;
851 UINT32 UserLength = 0;
852 UINT32 DomainLength = 0;
853 UINT32 PasswordLength = 0;
854
855 sspi_FreeAuthIdentity(identity);
856
857 identityFlags = sspi_GetAuthIdentityFlags(srcIdentity);
858
859 identity->Flags = identityFlags;
860
861 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
862 {
863 if (!sspi_GetAuthIdentityUserDomainA(srcIdentity, &UserA, &UserLength, &DomainA,
864 &DomainLength))
865 {
866 return -1;
867 }
868
869 if (!sspi_GetAuthIdentityPasswordA(srcIdentity, &PasswordA, &PasswordLength))
870 {
871 return -1;
872 }
873
874 status = sspi_SetAuthIdentity(identity, UserA, DomainA, PasswordA);
875
876 if (status <= 0)
877 return -1;
878
879 identity->Flags &= (uint32_t)~SEC_WINNT_AUTH_IDENTITY_ANSI;
880 identity->Flags |= SEC_WINNT_AUTH_IDENTITY_UNICODE;
881 return 1;
882 }
883
884 identity->Flags |= SEC_WINNT_AUTH_IDENTITY_UNICODE;
885
886 if (!sspi_GetAuthIdentityUserDomainW(srcIdentity, &UserW, &UserLength, &DomainW, &DomainLength))
887 {
888 return -1;
889 }
890
891 if (!sspi_GetAuthIdentityPasswordW(srcIdentity, &PasswordW, &PasswordLength))
892 {
893 return -1;
894 }
895
896 /* login/password authentication */
897 identity->UserLength = UserLength;
898
899 if (identity->UserLength > 0)
900 {
901 identity->User = (UINT16*)calloc((identity->UserLength + 1), sizeof(WCHAR));
902
903 if (!identity->User)
904 return -1;
905
906 CopyMemory(identity->User, UserW, identity->UserLength * sizeof(WCHAR));
907 identity->User[identity->UserLength] = 0;
908 }
909
910 identity->DomainLength = DomainLength;
911
912 if (identity->DomainLength > 0)
913 {
914 identity->Domain = (UINT16*)calloc((identity->DomainLength + 1), sizeof(WCHAR));
915
916 if (!identity->Domain)
917 return -1;
918
919 CopyMemory(identity->Domain, DomainW, identity->DomainLength * sizeof(WCHAR));
920 identity->Domain[identity->DomainLength] = 0;
921 }
922
923 identity->PasswordLength = PasswordLength;
924
925 if (identity->PasswordLength > SSPI_CREDENTIALS_HASH_LENGTH_OFFSET)
926 identity->PasswordLength -= SSPI_CREDENTIALS_HASH_LENGTH_OFFSET;
927
928 if (PasswordW)
929 {
930 identity->Password = (UINT16*)calloc((identity->PasswordLength + 1), sizeof(WCHAR));
931
932 if (!identity->Password)
933 return -1;
934
935 CopyMemory(identity->Password, PasswordW, identity->PasswordLength * sizeof(WCHAR));
936 identity->Password[identity->PasswordLength] = 0;
937 }
938
939 identity->PasswordLength = PasswordLength;
940 /* End of login/password authentication */
941 return 1;
942}
943
944PSecBuffer sspi_FindSecBuffer(PSecBufferDesc pMessage, ULONG BufferType)
945{
946 PSecBuffer pSecBuffer = NULL;
947
948 for (UINT32 index = 0; index < pMessage->cBuffers; index++)
949 {
950 if (pMessage->pBuffers[index].BufferType == BufferType)
951 {
952 pSecBuffer = &pMessage->pBuffers[index];
953 break;
954 }
955 }
956
957 return pSecBuffer;
958}
959
960static BOOL WINPR_init(void)
961{
962
963 for (size_t x = 0; x < ARRAYSIZE(SecurityFunctionTableA_NAME_LIST); x++)
964 {
965 const SecurityFunctionTableA_NAME* cur = &SecurityFunctionTableA_NAME_LIST[x];
966 InitializeConstWCharFromUtf8(cur->Name, BUFFER_NAME_LIST_W[x],
967 ARRAYSIZE(BUFFER_NAME_LIST_W[x]));
968 }
969 return TRUE;
970}
971
972static BOOL CALLBACK sspi_init(WINPR_ATTR_UNUSED PINIT_ONCE InitOnce,
973 WINPR_ATTR_UNUSED PVOID Parameter, WINPR_ATTR_UNUSED PVOID* Context)
974{
975 winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
976 sspi_ContextBufferAllocTableNew();
977 if (!SCHANNEL_init())
978 return FALSE;
979 if (!KERBEROS_init())
980 return FALSE;
981 if (!NTLM_init())
982 return FALSE;
983 if (!CREDSSP_init())
984 return FALSE;
985 if (!NEGOTIATE_init())
986 return FALSE;
987 return WINPR_init();
988}
989
990void sspi_GlobalInit(void)
991{
992 static INIT_ONCE once = INIT_ONCE_STATIC_INIT;
993 DWORD flags = 0;
994 InitOnceExecuteOnce(&once, sspi_init, &flags, NULL);
995}
996
997void sspi_GlobalFinish(void)
998{
999 sspi_ContextBufferAllocTableFree();
1000}
1001
1002static const SecurityFunctionTableA* sspi_GetSecurityFunctionTableAByNameA(const SEC_CHAR* Name)
1003{
1004 size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1005
1006 for (size_t index = 0; index < cPackages; index++)
1007 {
1008 if (strcmp(Name, SecurityFunctionTableA_NAME_LIST[index].Name) == 0)
1009 {
1010 return SecurityFunctionTableA_NAME_LIST[index].SecurityFunctionTable;
1011 }
1012 }
1013
1014 return NULL;
1015}
1016
1017static const SecurityFunctionTableW* sspi_GetSecurityFunctionTableWByNameW(const SEC_WCHAR* Name)
1018{
1019 size_t cPackages = ARRAYSIZE(SecPkgInfoW_LIST);
1020
1021 for (size_t index = 0; index < cPackages; index++)
1022 {
1023 if (_wcscmp(Name, SecurityFunctionTableW_NAME_LIST[index].Name) == 0)
1024 {
1025 return SecurityFunctionTableW_NAME_LIST[index].SecurityFunctionTable;
1026 }
1027 }
1028
1029 return NULL;
1030}
1031
1032static const SecurityFunctionTableW* sspi_GetSecurityFunctionTableWByNameA(const SEC_CHAR* Name)
1033{
1034 SEC_WCHAR* NameW = NULL;
1035 const SecurityFunctionTableW* table = NULL;
1036
1037 if (!Name)
1038 return NULL;
1039
1040 NameW = ConvertUtf8ToWCharAlloc(Name, NULL);
1041
1042 if (!NameW)
1043 return NULL;
1044
1045 table = sspi_GetSecurityFunctionTableWByNameW(NameW);
1046 free(NameW);
1047 return table;
1048}
1049
1050static void FreeContextBuffer_EnumerateSecurityPackages(void* contextBuffer);
1051static void FreeContextBuffer_QuerySecurityPackageInfo(void* contextBuffer);
1052
1053static void sspi_ContextBufferFree(void* contextBuffer)
1054{
1055 UINT32 allocatorIndex = 0;
1056
1057 for (size_t index = 0; index < ContextBufferAllocTable.cMaxEntries; index++)
1058 {
1059 if (contextBuffer == ContextBufferAllocTable.entries[index].contextBuffer)
1060 {
1061 contextBuffer = ContextBufferAllocTable.entries[index].contextBuffer;
1062 allocatorIndex = ContextBufferAllocTable.entries[index].allocatorIndex;
1063 ContextBufferAllocTable.cEntries--;
1064 ContextBufferAllocTable.entries[index].allocatorIndex = 0;
1065 ContextBufferAllocTable.entries[index].contextBuffer = NULL;
1066
1067 switch (allocatorIndex)
1068 {
1069 case EnumerateSecurityPackagesIndex:
1070 FreeContextBuffer_EnumerateSecurityPackages(contextBuffer);
1071 break;
1072
1073 case QuerySecurityPackageInfoIndex:
1074 FreeContextBuffer_QuerySecurityPackageInfo(contextBuffer);
1075 break;
1076 default:
1077 break;
1078 }
1079 }
1080 }
1081}
1082
1087/* Package Management */
1088
1089static SECURITY_STATUS SEC_ENTRY winpr_EnumerateSecurityPackagesW(ULONG* pcPackages,
1090 PSecPkgInfoW* ppPackageInfo)
1091{
1092 const size_t cPackages = ARRAYSIZE(SecPkgInfoW_LIST);
1093 const size_t size = sizeof(SecPkgInfoW) * cPackages;
1094 SecPkgInfoW* pPackageInfo =
1095 (SecPkgInfoW*)sspi_ContextBufferAlloc(EnumerateSecurityPackagesIndex, size);
1096
1097 WINPR_ASSERT(cPackages <= UINT32_MAX);
1098
1099 if (!pPackageInfo)
1100 return SEC_E_INSUFFICIENT_MEMORY;
1101
1102 for (size_t index = 0; index < cPackages; index++)
1103 {
1104 pPackageInfo[index].fCapabilities = SecPkgInfoW_LIST[index]->fCapabilities;
1105 pPackageInfo[index].wVersion = SecPkgInfoW_LIST[index]->wVersion;
1106 pPackageInfo[index].wRPCID = SecPkgInfoW_LIST[index]->wRPCID;
1107 pPackageInfo[index].cbMaxToken = SecPkgInfoW_LIST[index]->cbMaxToken;
1108 pPackageInfo[index].Name = _wcsdup(SecPkgInfoW_LIST[index]->Name);
1109 pPackageInfo[index].Comment = _wcsdup(SecPkgInfoW_LIST[index]->Comment);
1110 }
1111
1112 *(pcPackages) = (UINT32)cPackages;
1113 *(ppPackageInfo) = pPackageInfo;
1114 return SEC_E_OK;
1115}
1116
1117static SECURITY_STATUS SEC_ENTRY winpr_EnumerateSecurityPackagesA(ULONG* pcPackages,
1118 PSecPkgInfoA* ppPackageInfo)
1119{
1120 const size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1121 const size_t size = sizeof(SecPkgInfoA) * cPackages;
1122 SecPkgInfoA* pPackageInfo =
1123 (SecPkgInfoA*)sspi_ContextBufferAlloc(EnumerateSecurityPackagesIndex, size);
1124
1125 WINPR_ASSERT(cPackages <= UINT32_MAX);
1126
1127 if (!pPackageInfo)
1128 return SEC_E_INSUFFICIENT_MEMORY;
1129
1130 for (size_t index = 0; index < cPackages; index++)
1131 {
1132 pPackageInfo[index].fCapabilities = SecPkgInfoA_LIST[index]->fCapabilities;
1133 pPackageInfo[index].wVersion = SecPkgInfoA_LIST[index]->wVersion;
1134 pPackageInfo[index].wRPCID = SecPkgInfoA_LIST[index]->wRPCID;
1135 pPackageInfo[index].cbMaxToken = SecPkgInfoA_LIST[index]->cbMaxToken;
1136 pPackageInfo[index].Name = _strdup(SecPkgInfoA_LIST[index]->Name);
1137 pPackageInfo[index].Comment = _strdup(SecPkgInfoA_LIST[index]->Comment);
1138
1139 if (!pPackageInfo[index].Name || !pPackageInfo[index].Comment)
1140 {
1141 sspi_ContextBufferFree(pPackageInfo);
1142 return SEC_E_INSUFFICIENT_MEMORY;
1143 }
1144 }
1145
1146 *(pcPackages) = (UINT32)cPackages;
1147 *(ppPackageInfo) = pPackageInfo;
1148 return SEC_E_OK;
1149}
1150
1151static void FreeContextBuffer_EnumerateSecurityPackages(void* contextBuffer)
1152{
1153 SecPkgInfoA* pPackageInfo = (SecPkgInfoA*)contextBuffer;
1154 size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1155
1156 if (!pPackageInfo)
1157 return;
1158
1159 for (size_t index = 0; index < cPackages; index++)
1160 {
1161 free(pPackageInfo[index].Name);
1162 free(pPackageInfo[index].Comment);
1163 }
1164
1165 free(pPackageInfo);
1166}
1167
1168static SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName,
1169 PSecPkgInfoW* ppPackageInfo)
1170{
1171 size_t cPackages = ARRAYSIZE(SecPkgInfoW_LIST);
1172
1173 for (size_t index = 0; index < cPackages; index++)
1174 {
1175 if (_wcscmp(pszPackageName, SecPkgInfoW_LIST[index]->Name) == 0)
1176 {
1177 size_t size = sizeof(SecPkgInfoW);
1178 SecPkgInfoW* pPackageInfo =
1179 (SecPkgInfoW*)sspi_ContextBufferAlloc(QuerySecurityPackageInfoIndex, size);
1180
1181 if (!pPackageInfo)
1182 return SEC_E_INSUFFICIENT_MEMORY;
1183
1184 pPackageInfo->fCapabilities = SecPkgInfoW_LIST[index]->fCapabilities;
1185 pPackageInfo->wVersion = SecPkgInfoW_LIST[index]->wVersion;
1186 pPackageInfo->wRPCID = SecPkgInfoW_LIST[index]->wRPCID;
1187 pPackageInfo->cbMaxToken = SecPkgInfoW_LIST[index]->cbMaxToken;
1188 pPackageInfo->Name = _wcsdup(SecPkgInfoW_LIST[index]->Name);
1189 pPackageInfo->Comment = _wcsdup(SecPkgInfoW_LIST[index]->Comment);
1190 *(ppPackageInfo) = pPackageInfo;
1191 return SEC_E_OK;
1192 }
1193 }
1194
1195 *(ppPackageInfo) = NULL;
1196 return SEC_E_SECPKG_NOT_FOUND;
1197}
1198
1199static SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName,
1200 PSecPkgInfoA* ppPackageInfo)
1201{
1202 size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1203
1204 for (size_t index = 0; index < cPackages; index++)
1205 {
1206 if (strcmp(pszPackageName, SecPkgInfoA_LIST[index]->Name) == 0)
1207 {
1208 size_t size = sizeof(SecPkgInfoA);
1209 SecPkgInfoA* pPackageInfo =
1210 (SecPkgInfoA*)sspi_ContextBufferAlloc(QuerySecurityPackageInfoIndex, size);
1211
1212 if (!pPackageInfo)
1213 return SEC_E_INSUFFICIENT_MEMORY;
1214
1215 pPackageInfo->fCapabilities = SecPkgInfoA_LIST[index]->fCapabilities;
1216 pPackageInfo->wVersion = SecPkgInfoA_LIST[index]->wVersion;
1217 pPackageInfo->wRPCID = SecPkgInfoA_LIST[index]->wRPCID;
1218 pPackageInfo->cbMaxToken = SecPkgInfoA_LIST[index]->cbMaxToken;
1219 pPackageInfo->Name = _strdup(SecPkgInfoA_LIST[index]->Name);
1220 pPackageInfo->Comment = _strdup(SecPkgInfoA_LIST[index]->Comment);
1221
1222 if (!pPackageInfo->Name || !pPackageInfo->Comment)
1223 {
1224 sspi_ContextBufferFree(pPackageInfo);
1225 return SEC_E_INSUFFICIENT_MEMORY;
1226 }
1227
1228 *(ppPackageInfo) = pPackageInfo;
1229 return SEC_E_OK;
1230 }
1231 }
1232
1233 *(ppPackageInfo) = NULL;
1234 return SEC_E_SECPKG_NOT_FOUND;
1235}
1236
1237void FreeContextBuffer_QuerySecurityPackageInfo(void* contextBuffer)
1238{
1239 SecPkgInfo* pPackageInfo = (SecPkgInfo*)contextBuffer;
1240
1241 if (!pPackageInfo)
1242 return;
1243
1244 free(pPackageInfo->Name);
1245 free(pPackageInfo->Comment);
1246 free(pPackageInfo);
1247}
1248
1249#define log_status(what, status) log_status_((what), (status), __FILE__, __func__, __LINE__)
1250static SECURITY_STATUS log_status_(const char* what, SECURITY_STATUS status, const char* file,
1251 const char* fkt, size_t line)
1252{
1253 if (IsSecurityStatusError(status))
1254 {
1255 const DWORD level = WLOG_WARN;
1256 static wLog* log = NULL;
1257 if (!log)
1258 log = WLog_Get(TAG);
1259
1260 if (WLog_IsLevelActive(log, level))
1261 {
1262 WLog_PrintTextMessage(log, level, line, file, fkt, "%s status %s [0x%08" PRIx32 "]",
1263 what, GetSecurityStatusString(status),
1264 WINPR_CXX_COMPAT_CAST(uint32_t, status));
1265 }
1266 }
1267 return status;
1268}
1269
1270/* Credential Management */
1271
1272static SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleW(
1273 SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
1274 void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
1275 PTimeStamp ptsExpiry)
1276{
1277 SECURITY_STATUS status = 0;
1278 const SecurityFunctionTableW* table = sspi_GetSecurityFunctionTableWByNameW(pszPackage);
1279
1280 if (!table)
1281 return SEC_E_SECPKG_NOT_FOUND;
1282
1283 if (!table->AcquireCredentialsHandleW)
1284 {
1285 WLog_WARN(TAG, "Security module does not provide an implementation");
1286 return SEC_E_UNSUPPORTED_FUNCTION;
1287 }
1288
1289 status = table->AcquireCredentialsHandleW(pszPrincipal, pszPackage, fCredentialUse, pvLogonID,
1290 pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential,
1291 ptsExpiry);
1292 return log_status("AcquireCredentialsHandleW", status);
1293}
1294
1295static SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleA(
1296 SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
1297 void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
1298 PTimeStamp ptsExpiry)
1299{
1300 SECURITY_STATUS status = 0;
1301 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(pszPackage);
1302
1303 if (!table)
1304 return SEC_E_SECPKG_NOT_FOUND;
1305
1306 if (!table->AcquireCredentialsHandleA)
1307 {
1308 WLog_WARN(TAG, "Security module does not provide an implementation");
1309 return SEC_E_UNSUPPORTED_FUNCTION;
1310 }
1311
1312 status = table->AcquireCredentialsHandleA(pszPrincipal, pszPackage, fCredentialUse, pvLogonID,
1313 pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential,
1314 ptsExpiry);
1315 return log_status("AcquireCredentialsHandleA", status);
1316}
1317
1318static SECURITY_STATUS SEC_ENTRY winpr_ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags,
1319 PSecBuffer pPackedContext,
1320 HANDLE* pToken)
1321{
1322 SEC_CHAR* Name = NULL;
1323 SECURITY_STATUS status = 0;
1324 const SecurityFunctionTableW* table = NULL;
1325 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1326
1327 if (!Name)
1328 return SEC_E_SECPKG_NOT_FOUND;
1329
1330 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1331
1332 if (!table)
1333 return SEC_E_SECPKG_NOT_FOUND;
1334
1335 if (!table->ExportSecurityContext)
1336 {
1337 WLog_WARN(TAG, "Security module does not provide an implementation");
1338 return SEC_E_UNSUPPORTED_FUNCTION;
1339 }
1340
1341 status = table->ExportSecurityContext(phContext, fFlags, pPackedContext, pToken);
1342 return log_status("ExportSecurityContext", status);
1343}
1344
1345static SECURITY_STATUS SEC_ENTRY winpr_FreeCredentialsHandle(PCredHandle phCredential)
1346{
1347 char* Name = NULL;
1348 SECURITY_STATUS status = 0;
1349 const SecurityFunctionTableA* table = NULL;
1350 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1351
1352 if (!Name)
1353 return SEC_E_SECPKG_NOT_FOUND;
1354
1355 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1356
1357 if (!table)
1358 return SEC_E_SECPKG_NOT_FOUND;
1359
1360 if (!table->FreeCredentialsHandle)
1361 {
1362 WLog_WARN(TAG, "Security module does not provide an implementation");
1363 return SEC_E_UNSUPPORTED_FUNCTION;
1364 }
1365
1366 status = table->FreeCredentialsHandle(phCredential);
1367 return log_status("FreeCredentialsHandle", status);
1368}
1369
1370static SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextW(SEC_WCHAR* pszPackage,
1371 PSecBuffer pPackedContext,
1372 HANDLE pToken, PCtxtHandle phContext)
1373{
1374 SEC_CHAR* Name = NULL;
1375 SECURITY_STATUS status = 0;
1376 const SecurityFunctionTableW* table = NULL;
1377 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1378
1379 if (!Name)
1380 return SEC_E_SECPKG_NOT_FOUND;
1381
1382 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1383
1384 if (!table)
1385 return SEC_E_SECPKG_NOT_FOUND;
1386
1387 if (!table->ImportSecurityContextW)
1388 {
1389 WLog_WARN(TAG, "Security module does not provide an implementation");
1390 return SEC_E_UNSUPPORTED_FUNCTION;
1391 }
1392
1393 status = table->ImportSecurityContextW(pszPackage, pPackedContext, pToken, phContext);
1394 return log_status("ImportSecurityContextW", status);
1395}
1396
1397static SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextA(SEC_CHAR* pszPackage,
1398 PSecBuffer pPackedContext,
1399 HANDLE pToken, PCtxtHandle phContext)
1400{
1401 char* Name = NULL;
1402 SECURITY_STATUS status = 0;
1403 const SecurityFunctionTableA* table = NULL;
1404 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1405
1406 if (!Name)
1407 return SEC_E_SECPKG_NOT_FOUND;
1408
1409 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1410
1411 if (!table)
1412 return SEC_E_SECPKG_NOT_FOUND;
1413
1414 if (!table->ImportSecurityContextA)
1415 {
1416 WLog_WARN(TAG, "Security module does not provide an implementation");
1417 return SEC_E_UNSUPPORTED_FUNCTION;
1418 }
1419
1420 status = table->ImportSecurityContextA(pszPackage, pPackedContext, pToken, phContext);
1421 return log_status("ImportSecurityContextA", status);
1422}
1423
1424static SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesW(PCredHandle phCredential,
1425 ULONG ulAttribute, void* pBuffer)
1426{
1427 SEC_WCHAR* Name = NULL;
1428 SECURITY_STATUS status = 0;
1429 const SecurityFunctionTableW* table = NULL;
1430 Name = (SEC_WCHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1431
1432 if (!Name)
1433 return SEC_E_SECPKG_NOT_FOUND;
1434
1435 table = sspi_GetSecurityFunctionTableWByNameW(Name);
1436
1437 if (!table)
1438 return SEC_E_SECPKG_NOT_FOUND;
1439
1440 if (!table->QueryCredentialsAttributesW)
1441 {
1442 WLog_WARN(TAG, "Security module does not provide an implementation");
1443 return SEC_E_UNSUPPORTED_FUNCTION;
1444 }
1445
1446 status = table->QueryCredentialsAttributesW(phCredential, ulAttribute, pBuffer);
1447 return log_status("QueryCredentialsAttributesW", status);
1448}
1449
1450static SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesA(PCredHandle phCredential,
1451 ULONG ulAttribute, void* pBuffer)
1452{
1453 char* Name = NULL;
1454 SECURITY_STATUS status = 0;
1455 const SecurityFunctionTableA* table = NULL;
1456 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1457
1458 if (!Name)
1459 return SEC_E_SECPKG_NOT_FOUND;
1460
1461 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1462
1463 if (!table)
1464 return SEC_E_SECPKG_NOT_FOUND;
1465
1466 if (!table->QueryCredentialsAttributesA)
1467 {
1468 WLog_WARN(TAG, "Security module does not provide an implementation");
1469 return SEC_E_UNSUPPORTED_FUNCTION;
1470 }
1471
1472 status = table->QueryCredentialsAttributesA(phCredential, ulAttribute, pBuffer);
1473 return log_status("QueryCredentialsAttributesA", status);
1474}
1475
1476static SECURITY_STATUS SEC_ENTRY winpr_SetCredentialsAttributesW(PCredHandle phCredential,
1477 ULONG ulAttribute, void* pBuffer,
1478 ULONG cbBuffer)
1479{
1480 SEC_WCHAR* Name = NULL;
1481 SECURITY_STATUS status = 0;
1482 const SecurityFunctionTableW* table = NULL;
1483 Name = (SEC_WCHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1484
1485 if (!Name)
1486 return SEC_E_SECPKG_NOT_FOUND;
1487
1488 table = sspi_GetSecurityFunctionTableWByNameW(Name);
1489
1490 if (!table)
1491 return SEC_E_SECPKG_NOT_FOUND;
1492
1493 if (!table->SetCredentialsAttributesW)
1494 {
1495 WLog_WARN(TAG, "Security module does not provide an implementation");
1496 return SEC_E_UNSUPPORTED_FUNCTION;
1497 }
1498
1499 status = table->SetCredentialsAttributesW(phCredential, ulAttribute, pBuffer, cbBuffer);
1500 return log_status("SetCredentialsAttributesW", status);
1501}
1502
1503static SECURITY_STATUS SEC_ENTRY winpr_SetCredentialsAttributesA(PCredHandle phCredential,
1504 ULONG ulAttribute, void* pBuffer,
1505 ULONG cbBuffer)
1506{
1507 char* Name = NULL;
1508 SECURITY_STATUS status = 0;
1509 const SecurityFunctionTableA* table = NULL;
1510 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1511
1512 if (!Name)
1513 return SEC_E_SECPKG_NOT_FOUND;
1514
1515 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1516
1517 if (!table)
1518 return SEC_E_SECPKG_NOT_FOUND;
1519
1520 if (!table->SetCredentialsAttributesA)
1521 {
1522 WLog_WARN(TAG, "Security module does not provide an implementation");
1523 return SEC_E_UNSUPPORTED_FUNCTION;
1524 }
1525
1526 status = table->SetCredentialsAttributesA(phCredential, ulAttribute, pBuffer, cbBuffer);
1527 return log_status("SetCredentialsAttributesA", status);
1528}
1529
1530/* Context Management */
1531
1532static SECURITY_STATUS SEC_ENTRY
1533winpr_AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
1534 ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
1535 PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
1536{
1537 char* Name = NULL;
1538 SECURITY_STATUS status = 0;
1539 const SecurityFunctionTableA* table = NULL;
1540 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1541
1542 if (!Name)
1543 return SEC_E_SECPKG_NOT_FOUND;
1544
1545 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1546
1547 if (!table)
1548 return SEC_E_SECPKG_NOT_FOUND;
1549
1550 if (!table->AcceptSecurityContext)
1551 {
1552 WLog_WARN(TAG, "Security module does not provide an implementation");
1553 return SEC_E_UNSUPPORTED_FUNCTION;
1554 }
1555
1556 status =
1557 table->AcceptSecurityContext(phCredential, phContext, pInput, fContextReq, TargetDataRep,
1558 phNewContext, pOutput, pfContextAttr, ptsTimeStamp);
1559 return log_status("AcceptSecurityContext", status);
1560}
1561
1562static SECURITY_STATUS SEC_ENTRY winpr_ApplyControlToken(PCtxtHandle phContext,
1563 PSecBufferDesc pInput)
1564{
1565 char* Name = NULL;
1566 SECURITY_STATUS status = 0;
1567 const SecurityFunctionTableA* table = NULL;
1568 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1569
1570 if (!Name)
1571 return SEC_E_SECPKG_NOT_FOUND;
1572
1573 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1574
1575 if (!table)
1576 return SEC_E_SECPKG_NOT_FOUND;
1577
1578 if (!table->ApplyControlToken)
1579 {
1580 WLog_WARN(TAG, "Security module does not provide an implementation");
1581 return SEC_E_UNSUPPORTED_FUNCTION;
1582 }
1583
1584 status = table->ApplyControlToken(phContext, pInput);
1585 return log_status("ApplyControlToken", status);
1586}
1587
1588static SECURITY_STATUS SEC_ENTRY winpr_CompleteAuthToken(PCtxtHandle phContext,
1589 PSecBufferDesc pToken)
1590{
1591 char* Name = NULL;
1592 SECURITY_STATUS status = 0;
1593 const SecurityFunctionTableA* table = NULL;
1594 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1595
1596 if (!Name)
1597 return SEC_E_SECPKG_NOT_FOUND;
1598
1599 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1600
1601 if (!table)
1602 return SEC_E_SECPKG_NOT_FOUND;
1603
1604 if (!table->CompleteAuthToken)
1605 {
1606 WLog_WARN(TAG, "Security module does not provide an implementation");
1607 return SEC_E_UNSUPPORTED_FUNCTION;
1608 }
1609
1610 status = table->CompleteAuthToken(phContext, pToken);
1611 return log_status("CompleteAuthToken", status);
1612}
1613
1614static SECURITY_STATUS SEC_ENTRY winpr_DeleteSecurityContext(PCtxtHandle phContext)
1615{
1616 const char* Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1617
1618 if (!Name)
1619 return SEC_E_SECPKG_NOT_FOUND;
1620
1621 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(Name);
1622
1623 if (!table)
1624 return SEC_E_SECPKG_NOT_FOUND;
1625
1626 if (!table->DeleteSecurityContext)
1627 {
1628 WLog_WARN(TAG, "Security module does not provide an implementation");
1629 return SEC_E_UNSUPPORTED_FUNCTION;
1630 }
1631
1632 const SECURITY_STATUS status = table->DeleteSecurityContext(phContext);
1633 return log_status("DeleteSecurityContext", status);
1634}
1635
1636static SECURITY_STATUS SEC_ENTRY winpr_FreeContextBuffer(void* pvContextBuffer)
1637{
1638 if (!pvContextBuffer)
1639 return SEC_E_INVALID_HANDLE;
1640
1641 sspi_ContextBufferFree(pvContextBuffer);
1642 return SEC_E_OK;
1643}
1644
1645static SECURITY_STATUS SEC_ENTRY winpr_ImpersonateSecurityContext(PCtxtHandle phContext)
1646{
1647 SEC_CHAR* Name = NULL;
1648 SECURITY_STATUS status = 0;
1649 const SecurityFunctionTableW* table = NULL;
1650 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1651
1652 if (!Name)
1653 return SEC_E_SECPKG_NOT_FOUND;
1654
1655 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1656
1657 if (!table)
1658 return SEC_E_SECPKG_NOT_FOUND;
1659
1660 if (!table->ImpersonateSecurityContext)
1661 {
1662 WLog_WARN(TAG, "Security module does not provide an implementation");
1663 return SEC_E_UNSUPPORTED_FUNCTION;
1664 }
1665
1666 status = table->ImpersonateSecurityContext(phContext);
1667 return log_status("ImpersonateSecurityContext", status);
1668}
1669
1670static SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextW(
1671 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq,
1672 ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
1673 PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
1674{
1675 SEC_CHAR* Name = NULL;
1676 SECURITY_STATUS status = 0;
1677 const SecurityFunctionTableW* table = NULL;
1678 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1679
1680 if (!Name)
1681 return SEC_E_SECPKG_NOT_FOUND;
1682
1683 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1684
1685 if (!table)
1686 return SEC_E_SECPKG_NOT_FOUND;
1687
1688 if (!table->InitializeSecurityContextW)
1689 {
1690 WLog_WARN(TAG, "Security module does not provide an implementation");
1691 return SEC_E_UNSUPPORTED_FUNCTION;
1692 }
1693
1694 status = table->InitializeSecurityContextW(phCredential, phContext, pszTargetName, fContextReq,
1695 Reserved1, TargetDataRep, pInput, Reserved2,
1696 phNewContext, pOutput, pfContextAttr, ptsExpiry);
1697 return log_status("InitializeSecurityContextW", status);
1698}
1699
1700static SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextA(
1701 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
1702 ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
1703 PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
1704{
1705 SEC_CHAR* Name = NULL;
1706 SECURITY_STATUS status = 0;
1707 const SecurityFunctionTableA* table = NULL;
1708 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1709
1710 if (!Name)
1711 return SEC_E_SECPKG_NOT_FOUND;
1712
1713 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1714
1715 if (!table)
1716 return SEC_E_SECPKG_NOT_FOUND;
1717
1718 if (!table->InitializeSecurityContextA)
1719 {
1720 WLog_WARN(TAG, "Security module does not provide an implementation");
1721 return SEC_E_UNSUPPORTED_FUNCTION;
1722 }
1723
1724 status = table->InitializeSecurityContextA(phCredential, phContext, pszTargetName, fContextReq,
1725 Reserved1, TargetDataRep, pInput, Reserved2,
1726 phNewContext, pOutput, pfContextAttr, ptsExpiry);
1727
1728 return log_status("InitializeSecurityContextA", status);
1729}
1730
1731static SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesW(PCtxtHandle phContext,
1732 ULONG ulAttribute, void* pBuffer)
1733{
1734 SEC_CHAR* Name = NULL;
1735 SECURITY_STATUS status = 0;
1736 const SecurityFunctionTableW* table = NULL;
1737 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1738
1739 if (!Name)
1740 return SEC_E_SECPKG_NOT_FOUND;
1741
1742 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1743
1744 if (!table)
1745 return SEC_E_SECPKG_NOT_FOUND;
1746
1747 if (!table->QueryContextAttributesW)
1748 {
1749 WLog_WARN(TAG, "Security module does not provide an implementation");
1750 return SEC_E_UNSUPPORTED_FUNCTION;
1751 }
1752
1753 status = table->QueryContextAttributesW(phContext, ulAttribute, pBuffer);
1754 return log_status("QueryContextAttributesW", status);
1755}
1756
1757static SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesA(PCtxtHandle phContext,
1758 ULONG ulAttribute, void* pBuffer)
1759{
1760 SEC_CHAR* Name = NULL;
1761 SECURITY_STATUS status = 0;
1762 const SecurityFunctionTableA* table = NULL;
1763 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1764
1765 if (!Name)
1766 return SEC_E_SECPKG_NOT_FOUND;
1767
1768 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1769
1770 if (!table)
1771 return SEC_E_SECPKG_NOT_FOUND;
1772
1773 if (!table->QueryContextAttributesA)
1774 {
1775 WLog_WARN(TAG, "Security module does not provide an implementation");
1776 return SEC_E_UNSUPPORTED_FUNCTION;
1777 }
1778
1779 status = table->QueryContextAttributesA(phContext, ulAttribute, pBuffer);
1780 return log_status("QueryContextAttributesA", status);
1781}
1782
1783static SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityContextToken(PCtxtHandle phContext,
1784 HANDLE* phToken)
1785{
1786 SEC_CHAR* Name = NULL;
1787 SECURITY_STATUS status = 0;
1788 const SecurityFunctionTableW* table = NULL;
1789 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1790
1791 if (!Name)
1792 return SEC_E_SECPKG_NOT_FOUND;
1793
1794 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1795
1796 if (!table)
1797 return SEC_E_SECPKG_NOT_FOUND;
1798
1799 if (!table->QuerySecurityContextToken)
1800 {
1801 WLog_WARN(TAG, "Security module does not provide an implementation");
1802 return SEC_E_UNSUPPORTED_FUNCTION;
1803 }
1804
1805 status = table->QuerySecurityContextToken(phContext, phToken);
1806 return log_status("QuerySecurityContextToken", status);
1807}
1808
1809static SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesW(PCtxtHandle phContext,
1810 ULONG ulAttribute, void* pBuffer,
1811 ULONG cbBuffer)
1812{
1813 SEC_CHAR* Name = NULL;
1814 SECURITY_STATUS status = 0;
1815 const SecurityFunctionTableW* table = NULL;
1816 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1817
1818 if (!Name)
1819 return SEC_E_SECPKG_NOT_FOUND;
1820
1821 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1822
1823 if (!table)
1824 return SEC_E_SECPKG_NOT_FOUND;
1825
1826 if (!table->SetContextAttributesW)
1827 {
1828 WLog_WARN(TAG, "Security module does not provide an implementation");
1829 return SEC_E_UNSUPPORTED_FUNCTION;
1830 }
1831
1832 status = table->SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
1833 return log_status("SetContextAttributesW", status);
1834}
1835
1836static SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesA(PCtxtHandle phContext,
1837 ULONG ulAttribute, void* pBuffer,
1838 ULONG cbBuffer)
1839{
1840 char* Name = NULL;
1841 SECURITY_STATUS status = 0;
1842 const SecurityFunctionTableA* table = NULL;
1843 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1844
1845 if (!Name)
1846 return SEC_E_SECPKG_NOT_FOUND;
1847
1848 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1849
1850 if (!table)
1851 return SEC_E_SECPKG_NOT_FOUND;
1852
1853 if (!table->SetContextAttributesA)
1854 {
1855 WLog_WARN(TAG, "Security module does not provide an implementation");
1856 return SEC_E_UNSUPPORTED_FUNCTION;
1857 }
1858
1859 status = table->SetContextAttributesA(phContext, ulAttribute, pBuffer, cbBuffer);
1860 return log_status("SetContextAttributesA", status);
1861}
1862
1863static SECURITY_STATUS SEC_ENTRY winpr_RevertSecurityContext(PCtxtHandle phContext)
1864{
1865 SEC_CHAR* Name = NULL;
1866 SECURITY_STATUS status = 0;
1867 const SecurityFunctionTableW* table = NULL;
1868 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1869
1870 if (!Name)
1871 return SEC_E_SECPKG_NOT_FOUND;
1872
1873 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1874
1875 if (!table)
1876 return SEC_E_SECPKG_NOT_FOUND;
1877
1878 if (!table->RevertSecurityContext)
1879 {
1880 WLog_WARN(TAG, "Security module does not provide an implementation");
1881 return SEC_E_UNSUPPORTED_FUNCTION;
1882 }
1883
1884 status = table->RevertSecurityContext(phContext);
1885
1886 return log_status("RevertSecurityContext", status);
1887}
1888
1889/* Message Support */
1890
1891static SECURITY_STATUS SEC_ENTRY winpr_DecryptMessage(PCtxtHandle phContext,
1892 PSecBufferDesc pMessage, ULONG MessageSeqNo,
1893 PULONG pfQOP)
1894{
1895 char* Name = NULL;
1896 SECURITY_STATUS status = 0;
1897 const SecurityFunctionTableA* table = NULL;
1898 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1899
1900 if (!Name)
1901 return SEC_E_SECPKG_NOT_FOUND;
1902
1903 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1904
1905 if (!table)
1906 return SEC_E_SECPKG_NOT_FOUND;
1907
1908 if (!table->DecryptMessage)
1909 {
1910 WLog_WARN(TAG, "Security module does not provide an implementation");
1911 return SEC_E_UNSUPPORTED_FUNCTION;
1912 }
1913
1914 status = table->DecryptMessage(phContext, pMessage, MessageSeqNo, pfQOP);
1915
1916 return log_status("DecryptMessage", status);
1917}
1918
1919static SECURITY_STATUS SEC_ENTRY winpr_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
1920 PSecBufferDesc pMessage, ULONG MessageSeqNo)
1921{
1922 char* Name = NULL;
1923 SECURITY_STATUS status = 0;
1924 const SecurityFunctionTableA* table = NULL;
1925 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1926
1927 if (!Name)
1928 return SEC_E_SECPKG_NOT_FOUND;
1929
1930 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1931
1932 if (!table)
1933 return SEC_E_SECPKG_NOT_FOUND;
1934
1935 if (!table->EncryptMessage)
1936 {
1937 WLog_WARN(TAG, "Security module does not provide an implementation");
1938 return SEC_E_UNSUPPORTED_FUNCTION;
1939 }
1940
1941 status = table->EncryptMessage(phContext, fQOP, pMessage, MessageSeqNo);
1942 return log_status("EncryptMessage", status);
1943}
1944
1945static SECURITY_STATUS SEC_ENTRY winpr_MakeSignature(PCtxtHandle phContext, ULONG fQOP,
1946 PSecBufferDesc pMessage, ULONG MessageSeqNo)
1947{
1948 SECURITY_STATUS status = 0;
1949 const char* Name = (const char*)sspi_SecureHandleGetUpperPointer(phContext);
1950
1951 if (!Name)
1952 return SEC_E_SECPKG_NOT_FOUND;
1953
1954 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(Name);
1955
1956 if (!table)
1957 return SEC_E_SECPKG_NOT_FOUND;
1958
1959 if (!table->MakeSignature)
1960 {
1961 WLog_WARN(TAG, "Security module does not provide an implementation");
1962 return SEC_E_UNSUPPORTED_FUNCTION;
1963 }
1964
1965 status = table->MakeSignature(phContext, fQOP, pMessage, MessageSeqNo);
1966 return log_status("MakeSignature", status);
1967}
1968
1969static SECURITY_STATUS SEC_ENTRY winpr_VerifySignature(PCtxtHandle phContext,
1970 PSecBufferDesc pMessage, ULONG MessageSeqNo,
1971 PULONG pfQOP)
1972{
1973 SECURITY_STATUS status = 0;
1974
1975 const char* Name = (const char*)sspi_SecureHandleGetUpperPointer(phContext);
1976
1977 if (!Name)
1978 return SEC_E_SECPKG_NOT_FOUND;
1979
1980 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(Name);
1981
1982 if (!table)
1983 return SEC_E_SECPKG_NOT_FOUND;
1984
1985 if (!table->VerifySignature)
1986 {
1987 WLog_WARN(TAG, "Security module does not provide an implementation");
1988 return SEC_E_UNSUPPORTED_FUNCTION;
1989 }
1990
1991 status = table->VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
1992
1993 return log_status("VerifySignature", status);
1994}
1995
1996static SecurityFunctionTableA winpr_SecurityFunctionTableA = {
1997 3, /* dwVersion */
1998 winpr_EnumerateSecurityPackagesA, /* EnumerateSecurityPackages */
1999 winpr_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
2000 winpr_AcquireCredentialsHandleA, /* AcquireCredentialsHandle */
2001 winpr_FreeCredentialsHandle, /* FreeCredentialsHandle */
2002 NULL, /* Reserved2 */
2003 winpr_InitializeSecurityContextA, /* InitializeSecurityContext */
2004 winpr_AcceptSecurityContext, /* AcceptSecurityContext */
2005 winpr_CompleteAuthToken, /* CompleteAuthToken */
2006 winpr_DeleteSecurityContext, /* DeleteSecurityContext */
2007 winpr_ApplyControlToken, /* ApplyControlToken */
2008 winpr_QueryContextAttributesA, /* QueryContextAttributes */
2009 winpr_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
2010 winpr_RevertSecurityContext, /* RevertSecurityContext */
2011 winpr_MakeSignature, /* MakeSignature */
2012 winpr_VerifySignature, /* VerifySignature */
2013 winpr_FreeContextBuffer, /* FreeContextBuffer */
2014 winpr_QuerySecurityPackageInfoA, /* QuerySecurityPackageInfo */
2015 NULL, /* Reserved3 */
2016 NULL, /* Reserved4 */
2017 winpr_ExportSecurityContext, /* ExportSecurityContext */
2018 winpr_ImportSecurityContextA, /* ImportSecurityContext */
2019 NULL, /* AddCredentials */
2020 NULL, /* Reserved8 */
2021 winpr_QuerySecurityContextToken, /* QuerySecurityContextToken */
2022 winpr_EncryptMessage, /* EncryptMessage */
2023 winpr_DecryptMessage, /* DecryptMessage */
2024 winpr_SetContextAttributesA, /* SetContextAttributes */
2025 winpr_SetCredentialsAttributesA, /* SetCredentialsAttributes */
2026};
2027
2028static SecurityFunctionTableW winpr_SecurityFunctionTableW = {
2029 3, /* dwVersion */
2030 winpr_EnumerateSecurityPackagesW, /* EnumerateSecurityPackages */
2031 winpr_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
2032 winpr_AcquireCredentialsHandleW, /* AcquireCredentialsHandle */
2033 winpr_FreeCredentialsHandle, /* FreeCredentialsHandle */
2034 NULL, /* Reserved2 */
2035 winpr_InitializeSecurityContextW, /* InitializeSecurityContext */
2036 winpr_AcceptSecurityContext, /* AcceptSecurityContext */
2037 winpr_CompleteAuthToken, /* CompleteAuthToken */
2038 winpr_DeleteSecurityContext, /* DeleteSecurityContext */
2039 winpr_ApplyControlToken, /* ApplyControlToken */
2040 winpr_QueryContextAttributesW, /* QueryContextAttributes */
2041 winpr_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
2042 winpr_RevertSecurityContext, /* RevertSecurityContext */
2043 winpr_MakeSignature, /* MakeSignature */
2044 winpr_VerifySignature, /* VerifySignature */
2045 winpr_FreeContextBuffer, /* FreeContextBuffer */
2046 winpr_QuerySecurityPackageInfoW, /* QuerySecurityPackageInfo */
2047 NULL, /* Reserved3 */
2048 NULL, /* Reserved4 */
2049 winpr_ExportSecurityContext, /* ExportSecurityContext */
2050 winpr_ImportSecurityContextW, /* ImportSecurityContext */
2051 NULL, /* AddCredentials */
2052 NULL, /* Reserved8 */
2053 winpr_QuerySecurityContextToken, /* QuerySecurityContextToken */
2054 winpr_EncryptMessage, /* EncryptMessage */
2055 winpr_DecryptMessage, /* DecryptMessage */
2056 winpr_SetContextAttributesW, /* SetContextAttributes */
2057 winpr_SetCredentialsAttributesW, /* SetCredentialsAttributes */
2058};
2059
2060SecurityFunctionTableW* SEC_ENTRY winpr_InitSecurityInterfaceW(void)
2061{
2062 return &winpr_SecurityFunctionTableW;
2063}
2064
2065SecurityFunctionTableA* SEC_ENTRY winpr_InitSecurityInterfaceA(void)
2066{
2067 return &winpr_SecurityFunctionTableA;
2068}
RTL_RUN_ONCE
Definition include/winpr/synch.h:359
SECURITY_INTEGER
Definition include/winpr/sspi.h:51
SEC_WINNT_AUTH_IDENTITY_A
Definition include/winpr/sspi.h:690
SEC_WINNT_AUTH_IDENTITY_EX2
Definition include/winpr/sspi.h:759
SEC_WINNT_AUTH_IDENTITY_EXA
Definition include/winpr/sspi.h:731
SEC_WINNT_AUTH_IDENTITY_EXW
Definition include/winpr/sspi.h:716
SEC_WINNT_AUTH_IDENTITY_W
Definition include/winpr/sspi.h:679
SSPI_CREDENTIALS
Definition libwinpr/sspi/sspi.h:32
SEC_WINNT_AUTH_IDENTITY_INFO
Definition include/winpr/sspi.h:783