FreeRDP
Loading...
Searching...
No Matches
sspi_winpr.c
1
21#include <winpr/config.h>
22#include <winpr/assert.h>
23#include <winpr/windows.h>
24
25#include <winpr/crt.h>
26#include <winpr/sspi.h>
27#include <winpr/ssl.h>
28#include <winpr/print.h>
29
30#include "sspi.h"
31
32#include "sspi_winpr.h"
33
34#include "../log.h"
35#define TAG WINPR_TAG("sspi")
36
37/* Authentication Functions: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731/ */
38
39#include "NTLM/ntlm.h"
40#include "NTLM/ntlm_export.h"
41#include "CredSSP/credssp.h"
42#include "Kerberos/kerberos.h"
43#include "Negotiate/negotiate.h"
44#include "Schannel/schannel.h"
45
46static const SecPkgInfoA* SecPkgInfoA_LIST[] = { &NTLM_SecPkgInfoA, &KERBEROS_SecPkgInfoA,
47 &NEGOTIATE_SecPkgInfoA, &CREDSSP_SecPkgInfoA,
48 &SCHANNEL_SecPkgInfoA };
49
50static const SecPkgInfoW* SecPkgInfoW_LIST[] = { &NTLM_SecPkgInfoW, &KERBEROS_SecPkgInfoW,
51 &NEGOTIATE_SecPkgInfoW, &CREDSSP_SecPkgInfoW,
52 &SCHANNEL_SecPkgInfoW };
53
54typedef struct
55{
56 const SEC_CHAR* Name;
57 const SecurityFunctionTableA* SecurityFunctionTable;
58} SecurityFunctionTableA_NAME;
59
60typedef struct
61{
62 const SEC_WCHAR* Name;
63 const SecurityFunctionTableW* SecurityFunctionTable;
64} SecurityFunctionTableW_NAME;
65
66static const SecurityFunctionTableA_NAME SecurityFunctionTableA_NAME_LIST[] = {
67 { "NTLM", &NTLM_SecurityFunctionTableA },
68 { "Kerberos", &KERBEROS_SecurityFunctionTableA },
69 { "Negotiate", &NEGOTIATE_SecurityFunctionTableA },
70 { "CREDSSP", &CREDSSP_SecurityFunctionTableA },
71 { "Schannel", &SCHANNEL_SecurityFunctionTableA }
72};
73
74static WCHAR BUFFER_NAME_LIST_W[5][32] = WINPR_C_ARRAY_INIT;
75
76static const SecurityFunctionTableW_NAME SecurityFunctionTableW_NAME_LIST[] = {
77 { BUFFER_NAME_LIST_W[0], &NTLM_SecurityFunctionTableW },
78 { BUFFER_NAME_LIST_W[1], &KERBEROS_SecurityFunctionTableW },
79 { BUFFER_NAME_LIST_W[2], &NEGOTIATE_SecurityFunctionTableW },
80 { BUFFER_NAME_LIST_W[3], &CREDSSP_SecurityFunctionTableW },
81 { BUFFER_NAME_LIST_W[4], &SCHANNEL_SecurityFunctionTableW }
82};
83
84typedef struct
85{
86 void* contextBuffer;
87 UINT32 allocatorIndex;
88} CONTEXT_BUFFER_ALLOC_ENTRY;
89
90typedef struct
91{
92 UINT32 cEntries;
93 UINT32 cMaxEntries;
94 CONTEXT_BUFFER_ALLOC_ENTRY* entries;
95} CONTEXT_BUFFER_ALLOC_TABLE;
96
97static CONTEXT_BUFFER_ALLOC_TABLE ContextBufferAllocTable = WINPR_C_ARRAY_INIT;
98
99static int sspi_ContextBufferAllocTableNew(void)
100{
101 size_t size = 0;
102 ContextBufferAllocTable.entries = nullptr;
103 ContextBufferAllocTable.cEntries = 0;
104 ContextBufferAllocTable.cMaxEntries = 4;
105 size = sizeof(CONTEXT_BUFFER_ALLOC_ENTRY) * ContextBufferAllocTable.cMaxEntries;
106 ContextBufferAllocTable.entries = (CONTEXT_BUFFER_ALLOC_ENTRY*)calloc(1, size);
107
108 if (!ContextBufferAllocTable.entries)
109 return -1;
110
111 return 1;
112}
113
114static int sspi_ContextBufferAllocTableGrow(void)
115{
116 size_t size = 0;
117 CONTEXT_BUFFER_ALLOC_ENTRY* entries = nullptr;
118 ContextBufferAllocTable.cEntries = 0;
119 ContextBufferAllocTable.cMaxEntries *= 2;
120 size = sizeof(CONTEXT_BUFFER_ALLOC_ENTRY) * ContextBufferAllocTable.cMaxEntries;
121
122 if (!size)
123 return -1;
124
125 entries = (CONTEXT_BUFFER_ALLOC_ENTRY*)realloc(ContextBufferAllocTable.entries, size);
126
127 if (!entries)
128 {
129 free(ContextBufferAllocTable.entries);
130 return -1;
131 }
132
133 ContextBufferAllocTable.entries = entries;
134 ZeroMemory((void*)&ContextBufferAllocTable.entries[ContextBufferAllocTable.cMaxEntries / 2],
135 size / 2);
136 return 1;
137}
138
139static void sspi_ContextBufferAllocTableFree(void)
140{
141 if (ContextBufferAllocTable.cEntries != 0)
142 WLog_ERR(TAG, "ContextBufferAllocTable.entries == %" PRIu32,
143 ContextBufferAllocTable.cEntries);
144
145 ContextBufferAllocTable.cEntries = ContextBufferAllocTable.cMaxEntries = 0;
146 free(ContextBufferAllocTable.entries);
147 ContextBufferAllocTable.entries = nullptr;
148}
149
150void* sspi_ContextBufferAlloc(UINT32 allocatorIndex, size_t size)
151{
152 void* contextBuffer = nullptr;
153
154 for (UINT32 index = 0; index < ContextBufferAllocTable.cMaxEntries; index++)
155 {
156 if (!ContextBufferAllocTable.entries[index].contextBuffer)
157 {
158 contextBuffer = calloc(1, size);
159
160 if (!contextBuffer)
161 return nullptr;
162
163 ContextBufferAllocTable.cEntries++;
164 ContextBufferAllocTable.entries[index].contextBuffer = contextBuffer;
165 ContextBufferAllocTable.entries[index].allocatorIndex = allocatorIndex;
166 return ContextBufferAllocTable.entries[index].contextBuffer;
167 }
168 }
169
170 /* no available entry was found, the table needs to be grown */
171
172 if (sspi_ContextBufferAllocTableGrow() < 0)
173 return nullptr;
174
175 /* the next call to sspi_ContextBufferAlloc() should now succeed */
176 return sspi_ContextBufferAlloc(allocatorIndex, size);
177}
178
179SSPI_CREDENTIALS* sspi_CredentialsNew(void)
180{
181 SSPI_CREDENTIALS* credentials = nullptr;
182 credentials = (SSPI_CREDENTIALS*)calloc(1, sizeof(SSPI_CREDENTIALS));
183 return credentials;
184}
185
186void sspi_CredentialsFree(SSPI_CREDENTIALS* credentials)
187{
188 size_t userLength = 0;
189 size_t domainLength = 0;
190 size_t passwordLength = 0;
191
192 if (!credentials)
193 return;
194
195 if (credentials->ntlmSettings.samFile)
196 free(credentials->ntlmSettings.samFile);
197
198 userLength = credentials->identity.UserLength;
199 domainLength = credentials->identity.DomainLength;
200 passwordLength = credentials->identity.PasswordLength;
201
202 if (passwordLength > SSPI_CREDENTIALS_HASH_LENGTH_OFFSET) /* [pth] */
203 passwordLength -= SSPI_CREDENTIALS_HASH_LENGTH_OFFSET;
204
205 if (credentials->identity.Flags & SEC_WINNT_AUTH_IDENTITY_UNICODE)
206 {
207 userLength *= 2;
208 domainLength *= 2;
209 passwordLength *= 2;
210 }
211
212 if (credentials->identity.User)
213 memset(credentials->identity.User, 0, userLength);
214 if (credentials->identity.Domain)
215 memset(credentials->identity.Domain, 0, domainLength);
216 if (credentials->identity.Password)
217 memset(credentials->identity.Password, 0, passwordLength);
218 free(credentials->identity.User);
219 free(credentials->identity.Domain);
220 free(credentials->identity.Password);
221 free(credentials);
222}
223
224void* sspi_SecBufferAlloc(PSecBuffer SecBuffer, ULONG size)
225{
226 if (!SecBuffer)
227 return nullptr;
228
229 SecBuffer->pvBuffer = calloc(1, size);
230
231 if (!SecBuffer->pvBuffer)
232 return nullptr;
233
234 SecBuffer->cbBuffer = size;
235 return SecBuffer->pvBuffer;
236}
237
238void sspi_SecBufferFree(PSecBuffer SecBuffer)
239{
240 if (!SecBuffer)
241 return;
242
243 if (SecBuffer->pvBuffer)
244 memset(SecBuffer->pvBuffer, 0, SecBuffer->cbBuffer);
245
246 free(SecBuffer->pvBuffer);
247 SecBuffer->pvBuffer = nullptr;
248 SecBuffer->cbBuffer = 0;
249}
250
251SecHandle* sspi_SecureHandleAlloc(void)
252{
253 SecHandle* handle = (SecHandle*)calloc(1, sizeof(SecHandle));
254
255 if (!handle)
256 return nullptr;
257
258 SecInvalidateHandle(handle);
259 return handle;
260}
261
262void* sspi_SecureHandleGetLowerPointer(SecHandle* handle)
263{
264 void* pointer = nullptr;
265
266 if (!handle || !SecIsValidHandle(handle) || !handle->dwLower)
267 return nullptr;
268
269 pointer = (void*)~((size_t)handle->dwLower);
270 return pointer;
271}
272
273void sspi_SecureHandleInvalidate(SecHandle* handle)
274{
275 if (!handle)
276 return;
277
278 handle->dwLower = 0;
279 handle->dwUpper = 0;
280}
281
282void sspi_SecureHandleSetLowerPointer(SecHandle* handle, void* pointer)
283{
284 if (!handle)
285 return;
286
287 handle->dwLower = (ULONG_PTR)(~((size_t)pointer));
288}
289
290void* sspi_SecureHandleGetUpperPointer(SecHandle* handle)
291{
292 void* pointer = nullptr;
293
294 if (!handle || !SecIsValidHandle(handle) || !handle->dwUpper)
295 return nullptr;
296
297 pointer = (void*)~((size_t)handle->dwUpper);
298 return pointer;
299}
300
301void sspi_SecureHandleSetUpperPointer(SecHandle* handle, void* pointer)
302{
303 if (!handle)
304 return;
305
306 handle->dwUpper = (ULONG_PTR)(~((size_t)pointer));
307}
308
309void sspi_SecureHandleFree(SecHandle* handle)
310{
311 free(handle);
312}
313
314int sspi_SetAuthIdentityW(SEC_WINNT_AUTH_IDENTITY* identity, const WCHAR* user, const WCHAR* domain,
315 const WCHAR* password)
316{
317 return sspi_SetAuthIdentityWithLengthW(identity, user, user ? _wcslen(user) : 0, domain,
318 domain ? _wcslen(domain) : 0, password,
319 password ? _wcslen(password) : 0);
320}
321
322static BOOL copy(WCHAR** dst, ULONG* dstLen, const WCHAR* what, size_t len)
323{
324 WINPR_ASSERT(dst);
325 WINPR_ASSERT(dstLen);
326
327 *dst = nullptr;
328 *dstLen = 0;
329
330 if (len > UINT32_MAX)
331 return FALSE;
332
333 /* Case what="" and len=0 should allocate an empty string */
334 if (!what && (len != 0))
335 return FALSE;
336 if (!what && (len == 0))
337 return TRUE;
338
339 *dst = calloc(sizeof(WCHAR), len + 1);
340 if (!*dst)
341 return FALSE;
342
343 memcpy(*dst, what, len * sizeof(WCHAR));
344 *dstLen = WINPR_ASSERTING_INT_CAST(UINT32, len);
345 return TRUE;
346}
347
348int sspi_SetAuthIdentityWithLengthW(SEC_WINNT_AUTH_IDENTITY* identity, const WCHAR* user,
349 size_t userLen, const WCHAR* domain, size_t domainLen,
350 const WCHAR* password, size_t passwordLen)
351{
352 WINPR_ASSERT(identity);
353 sspi_FreeAuthIdentity(identity);
354 identity->Flags &= (uint32_t)~SEC_WINNT_AUTH_IDENTITY_ANSI;
355 identity->Flags |= SEC_WINNT_AUTH_IDENTITY_UNICODE;
356
357 if (!copy(&identity->User, &identity->UserLength, user, userLen))
358 return -1;
359
360 if (!copy(&identity->Domain, &identity->DomainLength, domain, domainLen))
361 return -1;
362
363 if (!copy(&identity->Password, &identity->PasswordLength, password, passwordLen))
364 return -1;
365
366 return 1;
367}
368
369static void zfree(WCHAR* str, size_t len)
370{
371 if (str)
372 memset(str, 0, len * sizeof(WCHAR));
373 free(str);
374}
375
376int sspi_SetAuthIdentityA(SEC_WINNT_AUTH_IDENTITY* identity, const char* user, const char* domain,
377 const char* password)
378{
379 int rc = 0;
380 size_t unicodeUserLenW = 0;
381 size_t unicodeDomainLenW = 0;
382 size_t unicodePasswordLenW = 0;
383 LPWSTR unicodeUser = nullptr;
384 LPWSTR unicodeDomain = nullptr;
385 LPWSTR unicodePassword = nullptr;
386
387 if (user)
388 unicodeUser = ConvertUtf8ToWCharAlloc(user, &unicodeUserLenW);
389
390 if (domain)
391 unicodeDomain = ConvertUtf8ToWCharAlloc(domain, &unicodeDomainLenW);
392
393 if (password)
394 unicodePassword = ConvertUtf8ToWCharAlloc(password, &unicodePasswordLenW);
395
396 rc = sspi_SetAuthIdentityWithLengthW(identity, unicodeUser, unicodeUserLenW, unicodeDomain,
397 unicodeDomainLenW, unicodePassword, unicodePasswordLenW);
398
399 zfree(unicodeUser, unicodeUserLenW);
400 zfree(unicodeDomain, unicodeDomainLenW);
401 zfree(unicodePassword, unicodePasswordLenW);
402 return rc;
403}
404
405UINT32 sspi_GetAuthIdentityVersion(const void* identity)
406{
407 UINT32 version = 0;
408
409 if (!identity)
410 return 0;
411
412 version = *((const UINT32*)identity);
413
414 if ((version == SEC_WINNT_AUTH_IDENTITY_VERSION) ||
415 (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2))
416 {
417 return version;
418 }
419
420 return 0; // SEC_WINNT_AUTH_IDENTITY (no version)
421}
422
423UINT32 sspi_GetAuthIdentityFlags(const void* identity)
424{
425 UINT32 version = 0;
426 UINT32 flags = 0;
427
428 if (!identity)
429 return 0;
430
431 version = sspi_GetAuthIdentityVersion(identity);
432
433 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
434 {
435 flags = ((const SEC_WINNT_AUTH_IDENTITY_EX*)identity)->Flags;
436 }
437 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
438 {
439 flags = ((const SEC_WINNT_AUTH_IDENTITY_EX2*)identity)->Flags;
440 }
441 else // SEC_WINNT_AUTH_IDENTITY
442 {
443 flags = ((const SEC_WINNT_AUTH_IDENTITY*)identity)->Flags;
444 }
445
446 return flags;
447}
448
449BOOL sspi_GetAuthIdentityUserDomainW(const void* identity, const WCHAR** pUser, UINT32* pUserLength,
450 const WCHAR** pDomain, UINT32* pDomainLength)
451{
452 UINT32 version = 0;
453
454 if (!identity)
455 return FALSE;
456
457 version = sspi_GetAuthIdentityVersion(identity);
458
459 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
460 {
461 const SEC_WINNT_AUTH_IDENTITY_EXW* id = (const SEC_WINNT_AUTH_IDENTITY_EXW*)identity;
462 *pUser = (const WCHAR*)id->User;
463 *pUserLength = id->UserLength;
464 *pDomain = (const WCHAR*)id->Domain;
465 *pDomainLength = id->DomainLength;
466 }
467 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
468 {
469 const SEC_WINNT_AUTH_IDENTITY_EX2* id = (const SEC_WINNT_AUTH_IDENTITY_EX2*)identity;
470 UINT32 UserOffset = id->UserOffset;
471 UINT32 DomainOffset = id->DomainOffset;
472 *pUser = (const WCHAR*)&((const uint8_t*)identity)[UserOffset];
473 *pUserLength = id->UserLength / 2;
474 *pDomain = (const WCHAR*)&((const uint8_t*)identity)[DomainOffset];
475 *pDomainLength = id->DomainLength / 2;
476 }
477 else // SEC_WINNT_AUTH_IDENTITY
478 {
479 const SEC_WINNT_AUTH_IDENTITY_W* id = (const SEC_WINNT_AUTH_IDENTITY_W*)identity;
480 *pUser = (const WCHAR*)id->User;
481 *pUserLength = id->UserLength;
482 *pDomain = (const WCHAR*)id->Domain;
483 *pDomainLength = id->DomainLength;
484 }
485
486 return TRUE;
487}
488
489BOOL sspi_GetAuthIdentityUserDomainA(const void* identity, const char** pUser, UINT32* pUserLength,
490 const char** pDomain, UINT32* pDomainLength)
491{
492 UINT32 version = 0;
493
494 if (!identity)
495 return FALSE;
496
497 version = sspi_GetAuthIdentityVersion(identity);
498
499 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
500 {
501 const SEC_WINNT_AUTH_IDENTITY_EXA* id = (const SEC_WINNT_AUTH_IDENTITY_EXA*)identity;
502 *pUser = (const char*)id->User;
503 *pUserLength = id->UserLength;
504 *pDomain = (const char*)id->Domain;
505 *pDomainLength = id->DomainLength;
506 }
507 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
508 {
509 const SEC_WINNT_AUTH_IDENTITY_EX2* id = (const SEC_WINNT_AUTH_IDENTITY_EX2*)identity;
510 UINT32 UserOffset = id->UserOffset;
511 UINT32 DomainOffset = id->DomainOffset;
512 *pUser = (const char*)&((const uint8_t*)identity)[UserOffset];
513 *pUserLength = id->UserLength;
514 *pDomain = (const char*)&((const uint8_t*)identity)[DomainOffset];
515 *pDomainLength = id->DomainLength;
516 }
517 else // SEC_WINNT_AUTH_IDENTITY
518 {
519 const SEC_WINNT_AUTH_IDENTITY_A* id = (const SEC_WINNT_AUTH_IDENTITY_A*)identity;
520 *pUser = (const char*)id->User;
521 *pUserLength = id->UserLength;
522 *pDomain = (const char*)id->Domain;
523 *pDomainLength = id->DomainLength;
524 }
525
526 return TRUE;
527}
528
529BOOL sspi_GetAuthIdentityPasswordW(const void* identity, const WCHAR** pPassword,
530 UINT32* pPasswordLength)
531{
532 UINT32 version = 0;
533
534 if (!identity)
535 return FALSE;
536
537 version = sspi_GetAuthIdentityVersion(identity);
538
539 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
540 {
541 const SEC_WINNT_AUTH_IDENTITY_EXW* id = (const SEC_WINNT_AUTH_IDENTITY_EXW*)identity;
542 *pPassword = (const WCHAR*)id->Password;
543 *pPasswordLength = id->PasswordLength;
544 }
545 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
546 {
547 return FALSE; // TODO: packed credentials
548 }
549 else // SEC_WINNT_AUTH_IDENTITY
550 {
551 const SEC_WINNT_AUTH_IDENTITY_W* id = (const SEC_WINNT_AUTH_IDENTITY_W*)identity;
552 *pPassword = (const WCHAR*)id->Password;
553 *pPasswordLength = id->PasswordLength;
554 }
555
556 return TRUE;
557}
558
559BOOL sspi_GetAuthIdentityPasswordA(const void* identity, const char** pPassword,
560 UINT32* pPasswordLength)
561{
562 UINT32 version = 0;
563
564 if (!identity)
565 return FALSE;
566
567 version = sspi_GetAuthIdentityVersion(identity);
568
569 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
570 {
571 const SEC_WINNT_AUTH_IDENTITY_EXA* id = (const SEC_WINNT_AUTH_IDENTITY_EXA*)identity;
572 *pPassword = (const char*)id->Password;
573 *pPasswordLength = id->PasswordLength;
574 }
575 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
576 {
577 return FALSE; // TODO: packed credentials
578 }
579 else // SEC_WINNT_AUTH_IDENTITY
580 {
581 const SEC_WINNT_AUTH_IDENTITY_A* id = (const SEC_WINNT_AUTH_IDENTITY_A*)identity;
582 *pPassword = (const char*)id->Password;
583 *pPasswordLength = id->PasswordLength;
584 }
585
586 return TRUE;
587}
588
589BOOL sspi_CopyAuthIdentityFieldsA(const SEC_WINNT_AUTH_IDENTITY_INFO* identity, char** pUser,
590 char** pDomain, char** pPassword)
591{
592 BOOL success = FALSE;
593 const char* UserA = nullptr;
594 const char* DomainA = nullptr;
595 const char* PasswordA = nullptr;
596 const WCHAR* UserW = nullptr;
597 const WCHAR* DomainW = nullptr;
598 const WCHAR* PasswordW = nullptr;
599 UINT32 UserLength = 0;
600 UINT32 DomainLength = 0;
601 UINT32 PasswordLength = 0;
602
603 if (!identity || !pUser || !pDomain || !pPassword)
604 return FALSE;
605
606 *pUser = *pDomain = *pPassword = nullptr;
607
608 UINT32 identityFlags = sspi_GetAuthIdentityFlags(identity);
609
610 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
611 {
612 if (!sspi_GetAuthIdentityUserDomainA(identity, &UserA, &UserLength, &DomainA,
613 &DomainLength))
614 goto cleanup;
615
616 if (!sspi_GetAuthIdentityPasswordA(identity, &PasswordA, &PasswordLength))
617 goto cleanup;
618
619 if (UserA && UserLength)
620 {
621 *pUser = _strdup(UserA);
622
623 if (!(*pUser))
624 goto cleanup;
625 }
626
627 if (DomainA && DomainLength)
628 {
629 *pDomain = _strdup(DomainA);
630
631 if (!(*pDomain))
632 goto cleanup;
633 }
634
635 if (PasswordA && PasswordLength)
636 {
637 *pPassword = _strdup(PasswordA);
638
639 if (!(*pPassword))
640 goto cleanup;
641 }
642
643 success = TRUE;
644 }
645 else
646 {
647 if (!sspi_GetAuthIdentityUserDomainW(identity, &UserW, &UserLength, &DomainW,
648 &DomainLength))
649 goto cleanup;
650
651 if (!sspi_GetAuthIdentityPasswordW(identity, &PasswordW, &PasswordLength))
652 goto cleanup;
653
654 if (UserW && (UserLength > 0))
655 {
656 *pUser = ConvertWCharNToUtf8Alloc(UserW, UserLength, nullptr);
657 if (!(*pUser))
658 goto cleanup;
659 }
660
661 if (DomainW && (DomainLength > 0))
662 {
663 *pDomain = ConvertWCharNToUtf8Alloc(DomainW, DomainLength, nullptr);
664 if (!(*pDomain))
665 goto cleanup;
666 }
667
668 if (PasswordW && (PasswordLength > 0))
669 {
670 *pPassword = ConvertWCharNToUtf8Alloc(PasswordW, PasswordLength, nullptr);
671 if (!(*pPassword))
672 goto cleanup;
673 }
674
675 success = TRUE;
676 }
677
678cleanup:
679 return success;
680}
681
682BOOL sspi_CopyAuthIdentityFieldsW(const SEC_WINNT_AUTH_IDENTITY_INFO* identity, WCHAR** pUser,
683 WCHAR** pDomain, WCHAR** pPassword)
684{
685 BOOL success = FALSE;
686 const char* UserA = nullptr;
687 const char* DomainA = nullptr;
688 const char* PasswordA = nullptr;
689 const WCHAR* UserW = nullptr;
690 const WCHAR* DomainW = nullptr;
691 const WCHAR* PasswordW = nullptr;
692 UINT32 UserLength = 0;
693 UINT32 DomainLength = 0;
694 UINT32 PasswordLength = 0;
695
696 if (!identity || !pUser || !pDomain || !pPassword)
697 return FALSE;
698
699 *pUser = *pDomain = *pPassword = nullptr;
700
701 UINT32 identityFlags = sspi_GetAuthIdentityFlags(identity);
702
703 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
704 {
705 if (!sspi_GetAuthIdentityUserDomainA(identity, &UserA, &UserLength, &DomainA,
706 &DomainLength))
707 goto cleanup;
708
709 if (!sspi_GetAuthIdentityPasswordA(identity, &PasswordA, &PasswordLength))
710 goto cleanup;
711
712 if (UserA && (UserLength > 0))
713 {
714 WCHAR* ptr = ConvertUtf8NToWCharAlloc(UserA, UserLength, nullptr);
715 *pUser = ptr;
716
717 if (!ptr)
718 goto cleanup;
719 }
720
721 if (DomainA && (DomainLength > 0))
722 {
723 WCHAR* ptr = ConvertUtf8NToWCharAlloc(DomainA, DomainLength, nullptr);
724 *pDomain = ptr;
725 if (!ptr)
726 goto cleanup;
727 }
728
729 if (PasswordA && (PasswordLength > 0))
730 {
731 WCHAR* ptr = ConvertUtf8NToWCharAlloc(PasswordA, PasswordLength, nullptr);
732
733 *pPassword = ptr;
734 if (!ptr)
735 goto cleanup;
736 }
737
738 success = TRUE;
739 }
740 else
741 {
742 if (!sspi_GetAuthIdentityUserDomainW(identity, &UserW, &UserLength, &DomainW,
743 &DomainLength))
744 goto cleanup;
745
746 if (!sspi_GetAuthIdentityPasswordW(identity, &PasswordW, &PasswordLength))
747 goto cleanup;
748
749 if (UserW && UserLength)
750 {
751 *pUser = _wcsdup(UserW);
752
753 if (!(*pUser))
754 goto cleanup;
755 }
756
757 if (DomainW && DomainLength)
758 {
759 *pDomain = _wcsdup(DomainW);
760
761 if (!(*pDomain))
762 goto cleanup;
763 }
764
765 if (PasswordW && PasswordLength)
766 {
767 *pPassword = _wcsdup(PasswordW);
768
769 if (!(*pPassword))
770 goto cleanup;
771 }
772
773 success = TRUE;
774 }
775
776cleanup:
777 return success;
778}
779
780BOOL sspi_CopyAuthPackageListA(const SEC_WINNT_AUTH_IDENTITY_INFO* identity, char** pPackageList)
781{
782 UINT32 version = 0;
783 UINT32 identityFlags = 0;
784 char* PackageList = nullptr;
785 const char* PackageListA = nullptr;
786 const WCHAR* PackageListW = nullptr;
787 UINT32 PackageListLength = 0;
788 UINT32 PackageListOffset = 0;
789 const void* pAuthData = (const void*)identity;
790
791 if (!pAuthData)
792 return FALSE;
793
794 version = sspi_GetAuthIdentityVersion(pAuthData);
795 identityFlags = sspi_GetAuthIdentityFlags(pAuthData);
796
797 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
798 {
799 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
800 {
801 const SEC_WINNT_AUTH_IDENTITY_EXA* ad = (const SEC_WINNT_AUTH_IDENTITY_EXA*)pAuthData;
802 PackageListA = (const char*)ad->PackageList;
803 PackageListLength = ad->PackageListLength;
804 }
805
806 if (PackageListA && PackageListLength)
807 {
808 PackageList = _strdup(PackageListA);
809 }
810 }
811 else
812 {
813 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
814 {
815 const SEC_WINNT_AUTH_IDENTITY_EXW* ad = (const SEC_WINNT_AUTH_IDENTITY_EXW*)pAuthData;
816 PackageListW = (const WCHAR*)ad->PackageList;
817 PackageListLength = ad->PackageListLength;
818 }
819 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
820 {
821 const SEC_WINNT_AUTH_IDENTITY_EX2* ad = (const SEC_WINNT_AUTH_IDENTITY_EX2*)pAuthData;
822 PackageListOffset = ad->PackageListOffset;
823 PackageListW = (const WCHAR*)&((const uint8_t*)pAuthData)[PackageListOffset];
824 PackageListLength = ad->PackageListLength / 2;
825 }
826
827 if (PackageListW && (PackageListLength > 0))
828 PackageList = ConvertWCharNToUtf8Alloc(PackageListW, PackageListLength, nullptr);
829 }
830
831 if (PackageList)
832 {
833 *pPackageList = PackageList;
834 return TRUE;
835 }
836
837 return FALSE;
838}
839
840int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity,
841 const SEC_WINNT_AUTH_IDENTITY_INFO* srcIdentity)
842{
843 int status = 0;
844 UINT32 identityFlags = 0;
845 const char* UserA = nullptr;
846 const char* DomainA = nullptr;
847 const char* PasswordA = nullptr;
848 const WCHAR* UserW = nullptr;
849 const WCHAR* DomainW = nullptr;
850 const WCHAR* PasswordW = nullptr;
851 UINT32 UserLength = 0;
852 UINT32 DomainLength = 0;
853 UINT32 PasswordLength = 0;
854
855 sspi_FreeAuthIdentity(identity);
856
857 identityFlags = sspi_GetAuthIdentityFlags(srcIdentity);
858
859 identity->Flags = identityFlags;
860
861 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
862 {
863 if (!sspi_GetAuthIdentityUserDomainA(srcIdentity, &UserA, &UserLength, &DomainA,
864 &DomainLength))
865 {
866 return -1;
867 }
868
869 if (!sspi_GetAuthIdentityPasswordA(srcIdentity, &PasswordA, &PasswordLength))
870 {
871 return -1;
872 }
873
874 status = sspi_SetAuthIdentity(identity, UserA, DomainA, PasswordA);
875
876 if (status <= 0)
877 return -1;
878
879 identity->Flags &= (uint32_t)~SEC_WINNT_AUTH_IDENTITY_ANSI;
880 identity->Flags |= SEC_WINNT_AUTH_IDENTITY_UNICODE;
881 return 1;
882 }
883
884 identity->Flags |= SEC_WINNT_AUTH_IDENTITY_UNICODE;
885
886 if (!sspi_GetAuthIdentityUserDomainW(srcIdentity, &UserW, &UserLength, &DomainW, &DomainLength))
887 {
888 return -1;
889 }
890
891 if (!sspi_GetAuthIdentityPasswordW(srcIdentity, &PasswordW, &PasswordLength))
892 {
893 return -1;
894 }
895
896 /* login/password authentication */
897 identity->UserLength = UserLength;
898
899 if (identity->UserLength > 0)
900 {
901 identity->User = (UINT16*)calloc((identity->UserLength + 1), sizeof(WCHAR));
902
903 if (!identity->User)
904 return -1;
905
906 CopyMemory(identity->User, UserW, identity->UserLength * sizeof(WCHAR));
907 identity->User[identity->UserLength] = 0;
908 }
909
910 identity->DomainLength = DomainLength;
911
912 if (identity->DomainLength > 0)
913 {
914 identity->Domain = (UINT16*)calloc((identity->DomainLength + 1), sizeof(WCHAR));
915
916 if (!identity->Domain)
917 return -1;
918
919 CopyMemory(identity->Domain, DomainW, identity->DomainLength * sizeof(WCHAR));
920 identity->Domain[identity->DomainLength] = 0;
921 }
922
923 identity->PasswordLength = PasswordLength;
924
925 if (identity->PasswordLength > SSPI_CREDENTIALS_HASH_LENGTH_OFFSET)
926 identity->PasswordLength -= SSPI_CREDENTIALS_HASH_LENGTH_OFFSET;
927
928 if (PasswordW)
929 {
930 identity->Password = (UINT16*)calloc((identity->PasswordLength + 1), sizeof(WCHAR));
931
932 if (!identity->Password)
933 return -1;
934
935 CopyMemory(identity->Password, PasswordW, identity->PasswordLength * sizeof(WCHAR));
936 identity->Password[identity->PasswordLength] = 0;
937 }
938
939 identity->PasswordLength = PasswordLength;
940 /* End of login/password authentication */
941 return 1;
942}
943
944PSecBuffer sspi_FindSecBuffer(PSecBufferDesc pMessage, ULONG BufferType)
945{
946 PSecBuffer pSecBuffer = nullptr;
947
948 for (UINT32 index = 0; index < pMessage->cBuffers; index++)
949 {
950 if (pMessage->pBuffers[index].BufferType == BufferType)
951 {
952 pSecBuffer = &pMessage->pBuffers[index];
953 break;
954 }
955 }
956
957 return pSecBuffer;
958}
959
960static BOOL WINPR_init(void)
961{
962
963 for (size_t x = 0; x < ARRAYSIZE(SecurityFunctionTableA_NAME_LIST); x++)
964 {
965 const SecurityFunctionTableA_NAME* cur = &SecurityFunctionTableA_NAME_LIST[x];
966 InitializeConstWCharFromUtf8(cur->Name, BUFFER_NAME_LIST_W[x],
967 ARRAYSIZE(BUFFER_NAME_LIST_W[x]));
968 }
969 return TRUE;
970}
971
972static BOOL CALLBACK sspi_init(WINPR_ATTR_UNUSED PINIT_ONCE InitOnce,
973 WINPR_ATTR_UNUSED PVOID Parameter, WINPR_ATTR_UNUSED PVOID* Context)
974{
975 if (!winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT))
976 return FALSE;
977 sspi_ContextBufferAllocTableNew();
978 if (!SCHANNEL_init())
979 return FALSE;
980 if (!KERBEROS_init())
981 return FALSE;
982 if (!NTLM_init())
983 return FALSE;
984 if (!CREDSSP_init())
985 return FALSE;
986 if (!NEGOTIATE_init())
987 return FALSE;
988 return WINPR_init();
989}
990
991void sspi_GlobalInit(void)
992{
993 static INIT_ONCE once = INIT_ONCE_STATIC_INIT;
994 DWORD flags = 0;
995 (void)InitOnceExecuteOnce(&once, sspi_init, &flags, nullptr);
996}
997
998void sspi_GlobalFinish(void)
999{
1000 sspi_ContextBufferAllocTableFree();
1001}
1002
1003static const SecurityFunctionTableA* sspi_GetSecurityFunctionTableAByNameA(const SEC_CHAR* Name)
1004{
1005 size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1006
1007 for (size_t index = 0; index < cPackages; index++)
1008 {
1009 if (strcmp(Name, SecurityFunctionTableA_NAME_LIST[index].Name) == 0)
1010 {
1011 return SecurityFunctionTableA_NAME_LIST[index].SecurityFunctionTable;
1012 }
1013 }
1014
1015 return nullptr;
1016}
1017
1018static const SecurityFunctionTableW* sspi_GetSecurityFunctionTableWByNameW(const SEC_WCHAR* Name)
1019{
1020 size_t cPackages = ARRAYSIZE(SecPkgInfoW_LIST);
1021
1022 for (size_t index = 0; index < cPackages; index++)
1023 {
1024 if (_wcscmp(Name, SecurityFunctionTableW_NAME_LIST[index].Name) == 0)
1025 {
1026 return SecurityFunctionTableW_NAME_LIST[index].SecurityFunctionTable;
1027 }
1028 }
1029
1030 return nullptr;
1031}
1032
1033static const SecurityFunctionTableW* sspi_GetSecurityFunctionTableWByNameA(const SEC_CHAR* Name)
1034{
1035 SEC_WCHAR* NameW = nullptr;
1036 const SecurityFunctionTableW* table = nullptr;
1037
1038 if (!Name)
1039 return nullptr;
1040
1041 NameW = ConvertUtf8ToWCharAlloc(Name, nullptr);
1042
1043 if (!NameW)
1044 return nullptr;
1045
1046 table = sspi_GetSecurityFunctionTableWByNameW(NameW);
1047 free(NameW);
1048 return table;
1049}
1050
1051static void FreeContextBuffer_EnumerateSecurityPackages(void* contextBuffer);
1052static void FreeContextBuffer_QuerySecurityPackageInfo(void* contextBuffer);
1053
1054void sspi_ContextBufferFree(void* contextBuffer)
1055{
1056 UINT32 allocatorIndex = 0;
1057
1058 for (size_t index = 0; index < ContextBufferAllocTable.cMaxEntries; index++)
1059 {
1060 if (contextBuffer == ContextBufferAllocTable.entries[index].contextBuffer)
1061 {
1062 contextBuffer = ContextBufferAllocTable.entries[index].contextBuffer;
1063 allocatorIndex = ContextBufferAllocTable.entries[index].allocatorIndex;
1064 ContextBufferAllocTable.cEntries--;
1065 ContextBufferAllocTable.entries[index].allocatorIndex = 0;
1066 ContextBufferAllocTable.entries[index].contextBuffer = nullptr;
1067
1068 switch (allocatorIndex)
1069 {
1070 case EnumerateSecurityPackagesIndex:
1071 FreeContextBuffer_EnumerateSecurityPackages(contextBuffer);
1072 break;
1073
1074 case QuerySecurityPackageInfoIndex:
1075 FreeContextBuffer_QuerySecurityPackageInfo(contextBuffer);
1076 break;
1077 default:
1078 break;
1079 }
1080 }
1081 }
1082}
1083
1088/* Package Management */
1089
1090static SECURITY_STATUS SEC_ENTRY winpr_EnumerateSecurityPackagesW(ULONG* pcPackages,
1091 PSecPkgInfoW* ppPackageInfo)
1092{
1093 const size_t cPackages = ARRAYSIZE(SecPkgInfoW_LIST);
1094 const size_t size = sizeof(SecPkgInfoW) * cPackages;
1095 SecPkgInfoW* pPackageInfo =
1096 (SecPkgInfoW*)sspi_ContextBufferAlloc(EnumerateSecurityPackagesIndex, size);
1097
1098 WINPR_ASSERT(cPackages <= UINT32_MAX);
1099
1100 if (!pPackageInfo)
1101 return SEC_E_INSUFFICIENT_MEMORY;
1102
1103 for (size_t index = 0; index < cPackages; index++)
1104 {
1105 pPackageInfo[index].fCapabilities = SecPkgInfoW_LIST[index]->fCapabilities;
1106 pPackageInfo[index].wVersion = SecPkgInfoW_LIST[index]->wVersion;
1107 pPackageInfo[index].wRPCID = SecPkgInfoW_LIST[index]->wRPCID;
1108 pPackageInfo[index].cbMaxToken = SecPkgInfoW_LIST[index]->cbMaxToken;
1109 pPackageInfo[index].Name = _wcsdup(SecPkgInfoW_LIST[index]->Name);
1110 pPackageInfo[index].Comment = _wcsdup(SecPkgInfoW_LIST[index]->Comment);
1111 }
1112
1113 *(pcPackages) = (UINT32)cPackages;
1114 *(ppPackageInfo) = pPackageInfo;
1115 return SEC_E_OK;
1116}
1117
1118static SECURITY_STATUS SEC_ENTRY winpr_EnumerateSecurityPackagesA(ULONG* pcPackages,
1119 PSecPkgInfoA* ppPackageInfo)
1120{
1121 const size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1122 const size_t size = sizeof(SecPkgInfoA) * cPackages;
1123 SecPkgInfoA* pPackageInfo =
1124 (SecPkgInfoA*)sspi_ContextBufferAlloc(EnumerateSecurityPackagesIndex, size);
1125
1126 WINPR_ASSERT(cPackages <= UINT32_MAX);
1127
1128 if (!pPackageInfo)
1129 return SEC_E_INSUFFICIENT_MEMORY;
1130
1131 for (size_t index = 0; index < cPackages; index++)
1132 {
1133 pPackageInfo[index].fCapabilities = SecPkgInfoA_LIST[index]->fCapabilities;
1134 pPackageInfo[index].wVersion = SecPkgInfoA_LIST[index]->wVersion;
1135 pPackageInfo[index].wRPCID = SecPkgInfoA_LIST[index]->wRPCID;
1136 pPackageInfo[index].cbMaxToken = SecPkgInfoA_LIST[index]->cbMaxToken;
1137 pPackageInfo[index].Name = _strdup(SecPkgInfoA_LIST[index]->Name);
1138 pPackageInfo[index].Comment = _strdup(SecPkgInfoA_LIST[index]->Comment);
1139
1140 if (!pPackageInfo[index].Name || !pPackageInfo[index].Comment)
1141 {
1142 sspi_ContextBufferFree(pPackageInfo);
1143 return SEC_E_INSUFFICIENT_MEMORY;
1144 }
1145 }
1146
1147 *(pcPackages) = (UINT32)cPackages;
1148 *(ppPackageInfo) = pPackageInfo;
1149 return SEC_E_OK;
1150}
1151
1152static void FreeContextBuffer_EnumerateSecurityPackages(void* contextBuffer)
1153{
1154 SecPkgInfoA* pPackageInfo = (SecPkgInfoA*)contextBuffer;
1155 size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1156
1157 if (!pPackageInfo)
1158 return;
1159
1160 for (size_t index = 0; index < cPackages; index++)
1161 {
1162 free(pPackageInfo[index].Name);
1163 free(pPackageInfo[index].Comment);
1164 }
1165
1166 free(pPackageInfo);
1167}
1168
1169static SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName,
1170 PSecPkgInfoW* ppPackageInfo)
1171{
1172 size_t cPackages = ARRAYSIZE(SecPkgInfoW_LIST);
1173
1174 for (size_t index = 0; index < cPackages; index++)
1175 {
1176 if (_wcscmp(pszPackageName, SecPkgInfoW_LIST[index]->Name) == 0)
1177 {
1178 size_t size = sizeof(SecPkgInfoW);
1179 SecPkgInfoW* pPackageInfo =
1180 (SecPkgInfoW*)sspi_ContextBufferAlloc(QuerySecurityPackageInfoIndex, size);
1181
1182 if (!pPackageInfo)
1183 return SEC_E_INSUFFICIENT_MEMORY;
1184
1185 pPackageInfo->fCapabilities = SecPkgInfoW_LIST[index]->fCapabilities;
1186 pPackageInfo->wVersion = SecPkgInfoW_LIST[index]->wVersion;
1187 pPackageInfo->wRPCID = SecPkgInfoW_LIST[index]->wRPCID;
1188 pPackageInfo->cbMaxToken = SecPkgInfoW_LIST[index]->cbMaxToken;
1189 pPackageInfo->Name = _wcsdup(SecPkgInfoW_LIST[index]->Name);
1190 pPackageInfo->Comment = _wcsdup(SecPkgInfoW_LIST[index]->Comment);
1191 *(ppPackageInfo) = pPackageInfo;
1192 return SEC_E_OK;
1193 }
1194 }
1195
1196 *(ppPackageInfo) = nullptr;
1197 return SEC_E_SECPKG_NOT_FOUND;
1198}
1199
1200static SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName,
1201 PSecPkgInfoA* ppPackageInfo)
1202{
1203 size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1204
1205 for (size_t index = 0; index < cPackages; index++)
1206 {
1207 if (strcmp(pszPackageName, SecPkgInfoA_LIST[index]->Name) == 0)
1208 {
1209 size_t size = sizeof(SecPkgInfoA);
1210 SecPkgInfoA* pPackageInfo =
1211 (SecPkgInfoA*)sspi_ContextBufferAlloc(QuerySecurityPackageInfoIndex, size);
1212
1213 if (!pPackageInfo)
1214 return SEC_E_INSUFFICIENT_MEMORY;
1215
1216 pPackageInfo->fCapabilities = SecPkgInfoA_LIST[index]->fCapabilities;
1217 pPackageInfo->wVersion = SecPkgInfoA_LIST[index]->wVersion;
1218 pPackageInfo->wRPCID = SecPkgInfoA_LIST[index]->wRPCID;
1219 pPackageInfo->cbMaxToken = SecPkgInfoA_LIST[index]->cbMaxToken;
1220 pPackageInfo->Name = _strdup(SecPkgInfoA_LIST[index]->Name);
1221 pPackageInfo->Comment = _strdup(SecPkgInfoA_LIST[index]->Comment);
1222
1223 if (!pPackageInfo->Name || !pPackageInfo->Comment)
1224 {
1225 sspi_ContextBufferFree(pPackageInfo);
1226 return SEC_E_INSUFFICIENT_MEMORY;
1227 }
1228
1229 *(ppPackageInfo) = pPackageInfo;
1230 return SEC_E_OK;
1231 }
1232 }
1233
1234 *(ppPackageInfo) = nullptr;
1235 return SEC_E_SECPKG_NOT_FOUND;
1236}
1237
1238void FreeContextBuffer_QuerySecurityPackageInfo(void* contextBuffer)
1239{
1240 SecPkgInfo* pPackageInfo = (SecPkgInfo*)contextBuffer;
1241
1242 if (!pPackageInfo)
1243 return;
1244
1245 free(pPackageInfo->Name);
1246 free(pPackageInfo->Comment);
1247 free(pPackageInfo);
1248}
1249
1250#define log_status(what, status) log_status_((what), (status), __FILE__, __func__, __LINE__)
1251static SECURITY_STATUS log_status_(const char* what, SECURITY_STATUS status, const char* file,
1252 const char* fkt, size_t line)
1253{
1254 if (IsSecurityStatusError(status))
1255 {
1256 const DWORD level = WLOG_WARN;
1257 static wLog* log = nullptr;
1258 if (!log)
1259 log = WLog_Get(TAG);
1260
1261 if (WLog_IsLevelActive(log, level))
1262 {
1263 WLog_PrintTextMessage(log, level, line, file, fkt, "%s status %s [0x%08" PRIx32 "]",
1264 what, GetSecurityStatusString(status),
1265 WINPR_CXX_COMPAT_CAST(uint32_t, status));
1266 }
1267 }
1268 return status;
1269}
1270
1271/* Credential Management */
1272
1273static SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleW(
1274 SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
1275 void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
1276 PTimeStamp ptsExpiry)
1277{
1278 SECURITY_STATUS status = 0;
1279 const SecurityFunctionTableW* table = sspi_GetSecurityFunctionTableWByNameW(pszPackage);
1280
1281 if (!table)
1282 return SEC_E_SECPKG_NOT_FOUND;
1283
1284 if (!table->AcquireCredentialsHandleW)
1285 {
1286 WLog_WARN(TAG, "Security module does not provide an implementation");
1287 return SEC_E_UNSUPPORTED_FUNCTION;
1288 }
1289
1290 status = table->AcquireCredentialsHandleW(pszPrincipal, pszPackage, fCredentialUse, pvLogonID,
1291 pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential,
1292 ptsExpiry);
1293 return log_status("AcquireCredentialsHandleW", status);
1294}
1295
1296static SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleA(
1297 SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
1298 void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
1299 PTimeStamp ptsExpiry)
1300{
1301 SECURITY_STATUS status = 0;
1302 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(pszPackage);
1303
1304 if (!table)
1305 return SEC_E_SECPKG_NOT_FOUND;
1306
1307 if (!table->AcquireCredentialsHandleA)
1308 {
1309 WLog_WARN(TAG, "Security module does not provide an implementation");
1310 return SEC_E_UNSUPPORTED_FUNCTION;
1311 }
1312
1313 status = table->AcquireCredentialsHandleA(pszPrincipal, pszPackage, fCredentialUse, pvLogonID,
1314 pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential,
1315 ptsExpiry);
1316 return log_status("AcquireCredentialsHandleA", status);
1317}
1318
1319static SECURITY_STATUS SEC_ENTRY winpr_ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags,
1320 PSecBuffer pPackedContext,
1321 HANDLE* pToken)
1322{
1323 SEC_CHAR* Name = nullptr;
1324 SECURITY_STATUS status = 0;
1325 const SecurityFunctionTableW* table = nullptr;
1326 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1327
1328 if (!Name)
1329 return SEC_E_SECPKG_NOT_FOUND;
1330
1331 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1332
1333 if (!table)
1334 return SEC_E_SECPKG_NOT_FOUND;
1335
1336 if (!table->ExportSecurityContext)
1337 {
1338 WLog_WARN(TAG, "Security module does not provide an implementation");
1339 return SEC_E_UNSUPPORTED_FUNCTION;
1340 }
1341
1342 status = table->ExportSecurityContext(phContext, fFlags, pPackedContext, pToken);
1343 return log_status("ExportSecurityContext", status);
1344}
1345
1346static SECURITY_STATUS SEC_ENTRY winpr_FreeCredentialsHandle(PCredHandle phCredential)
1347{
1348 char* Name = nullptr;
1349 SECURITY_STATUS status = 0;
1350 const SecurityFunctionTableA* table = nullptr;
1351 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1352
1353 if (!Name)
1354 return SEC_E_SECPKG_NOT_FOUND;
1355
1356 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1357
1358 if (!table)
1359 return SEC_E_SECPKG_NOT_FOUND;
1360
1361 if (!table->FreeCredentialsHandle)
1362 {
1363 WLog_WARN(TAG, "Security module does not provide an implementation");
1364 return SEC_E_UNSUPPORTED_FUNCTION;
1365 }
1366
1367 status = table->FreeCredentialsHandle(phCredential);
1368 return log_status("FreeCredentialsHandle", status);
1369}
1370
1371static SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextW(SEC_WCHAR* pszPackage,
1372 PSecBuffer pPackedContext,
1373 HANDLE pToken, PCtxtHandle phContext)
1374{
1375 SEC_CHAR* Name = nullptr;
1376 SECURITY_STATUS status = 0;
1377 const SecurityFunctionTableW* table = nullptr;
1378 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1379
1380 if (!Name)
1381 return SEC_E_SECPKG_NOT_FOUND;
1382
1383 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1384
1385 if (!table)
1386 return SEC_E_SECPKG_NOT_FOUND;
1387
1388 if (!table->ImportSecurityContextW)
1389 {
1390 WLog_WARN(TAG, "Security module does not provide an implementation");
1391 return SEC_E_UNSUPPORTED_FUNCTION;
1392 }
1393
1394 status = table->ImportSecurityContextW(pszPackage, pPackedContext, pToken, phContext);
1395 return log_status("ImportSecurityContextW", status);
1396}
1397
1398static SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextA(SEC_CHAR* pszPackage,
1399 PSecBuffer pPackedContext,
1400 HANDLE pToken, PCtxtHandle phContext)
1401{
1402 char* Name = nullptr;
1403 SECURITY_STATUS status = 0;
1404 const SecurityFunctionTableA* table = nullptr;
1405 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1406
1407 if (!Name)
1408 return SEC_E_SECPKG_NOT_FOUND;
1409
1410 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1411
1412 if (!table)
1413 return SEC_E_SECPKG_NOT_FOUND;
1414
1415 if (!table->ImportSecurityContextA)
1416 {
1417 WLog_WARN(TAG, "Security module does not provide an implementation");
1418 return SEC_E_UNSUPPORTED_FUNCTION;
1419 }
1420
1421 status = table->ImportSecurityContextA(pszPackage, pPackedContext, pToken, phContext);
1422 return log_status("ImportSecurityContextA", status);
1423}
1424
1425static SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesW(PCredHandle phCredential,
1426 ULONG ulAttribute, void* pBuffer)
1427{
1428 SEC_WCHAR* Name = nullptr;
1429 SECURITY_STATUS status = 0;
1430 const SecurityFunctionTableW* table = nullptr;
1431 Name = (SEC_WCHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1432
1433 if (!Name)
1434 return SEC_E_SECPKG_NOT_FOUND;
1435
1436 table = sspi_GetSecurityFunctionTableWByNameW(Name);
1437
1438 if (!table)
1439 return SEC_E_SECPKG_NOT_FOUND;
1440
1441 if (!table->QueryCredentialsAttributesW)
1442 {
1443 WLog_WARN(TAG, "Security module does not provide an implementation");
1444 return SEC_E_UNSUPPORTED_FUNCTION;
1445 }
1446
1447 status = table->QueryCredentialsAttributesW(phCredential, ulAttribute, pBuffer);
1448 return log_status("QueryCredentialsAttributesW", status);
1449}
1450
1451static SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesA(PCredHandle phCredential,
1452 ULONG ulAttribute, void* pBuffer)
1453{
1454 char* Name = nullptr;
1455 SECURITY_STATUS status = 0;
1456 const SecurityFunctionTableA* table = nullptr;
1457 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1458
1459 if (!Name)
1460 return SEC_E_SECPKG_NOT_FOUND;
1461
1462 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1463
1464 if (!table)
1465 return SEC_E_SECPKG_NOT_FOUND;
1466
1467 if (!table->QueryCredentialsAttributesA)
1468 {
1469 WLog_WARN(TAG, "Security module does not provide an implementation");
1470 return SEC_E_UNSUPPORTED_FUNCTION;
1471 }
1472
1473 status = table->QueryCredentialsAttributesA(phCredential, ulAttribute, pBuffer);
1474 return log_status("QueryCredentialsAttributesA", status);
1475}
1476
1477static SECURITY_STATUS SEC_ENTRY winpr_SetCredentialsAttributesW(PCredHandle phCredential,
1478 ULONG ulAttribute, void* pBuffer,
1479 ULONG cbBuffer)
1480{
1481 SEC_WCHAR* Name = nullptr;
1482 SECURITY_STATUS status = 0;
1483 const SecurityFunctionTableW* table = nullptr;
1484 Name = (SEC_WCHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1485
1486 if (!Name)
1487 return SEC_E_SECPKG_NOT_FOUND;
1488
1489 table = sspi_GetSecurityFunctionTableWByNameW(Name);
1490
1491 if (!table)
1492 return SEC_E_SECPKG_NOT_FOUND;
1493
1494 if (!table->SetCredentialsAttributesW)
1495 {
1496 WLog_WARN(TAG, "Security module does not provide an implementation");
1497 return SEC_E_UNSUPPORTED_FUNCTION;
1498 }
1499
1500 status = table->SetCredentialsAttributesW(phCredential, ulAttribute, pBuffer, cbBuffer);
1501 return log_status("SetCredentialsAttributesW", status);
1502}
1503
1504static SECURITY_STATUS SEC_ENTRY winpr_SetCredentialsAttributesA(PCredHandle phCredential,
1505 ULONG ulAttribute, void* pBuffer,
1506 ULONG cbBuffer)
1507{
1508 char* Name = nullptr;
1509 SECURITY_STATUS status = 0;
1510 const SecurityFunctionTableA* table = nullptr;
1511 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1512
1513 if (!Name)
1514 return SEC_E_SECPKG_NOT_FOUND;
1515
1516 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1517
1518 if (!table)
1519 return SEC_E_SECPKG_NOT_FOUND;
1520
1521 if (!table->SetCredentialsAttributesA)
1522 {
1523 WLog_WARN(TAG, "Security module does not provide an implementation");
1524 return SEC_E_UNSUPPORTED_FUNCTION;
1525 }
1526
1527 status = table->SetCredentialsAttributesA(phCredential, ulAttribute, pBuffer, cbBuffer);
1528 return log_status("SetCredentialsAttributesA", status);
1529}
1530
1531/* Context Management */
1532
1533static SECURITY_STATUS SEC_ENTRY
1534winpr_AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
1535 ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
1536 PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
1537{
1538 char* Name = nullptr;
1539 SECURITY_STATUS status = 0;
1540 const SecurityFunctionTableA* table = nullptr;
1541 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1542
1543 if (!Name)
1544 return SEC_E_SECPKG_NOT_FOUND;
1545
1546 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1547
1548 if (!table)
1549 return SEC_E_SECPKG_NOT_FOUND;
1550
1551 if (!table->AcceptSecurityContext)
1552 {
1553 WLog_WARN(TAG, "Security module does not provide an implementation");
1554 return SEC_E_UNSUPPORTED_FUNCTION;
1555 }
1556
1557 status =
1558 table->AcceptSecurityContext(phCredential, phContext, pInput, fContextReq, TargetDataRep,
1559 phNewContext, pOutput, pfContextAttr, ptsTimeStamp);
1560 return log_status("AcceptSecurityContext", status);
1561}
1562
1563static SECURITY_STATUS SEC_ENTRY winpr_ApplyControlToken(PCtxtHandle phContext,
1564 PSecBufferDesc pInput)
1565{
1566 char* Name = nullptr;
1567 SECURITY_STATUS status = 0;
1568 const SecurityFunctionTableA* table = nullptr;
1569 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1570
1571 if (!Name)
1572 return SEC_E_SECPKG_NOT_FOUND;
1573
1574 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1575
1576 if (!table)
1577 return SEC_E_SECPKG_NOT_FOUND;
1578
1579 if (!table->ApplyControlToken)
1580 {
1581 WLog_WARN(TAG, "Security module does not provide an implementation");
1582 return SEC_E_UNSUPPORTED_FUNCTION;
1583 }
1584
1585 status = table->ApplyControlToken(phContext, pInput);
1586 return log_status("ApplyControlToken", status);
1587}
1588
1589static SECURITY_STATUS SEC_ENTRY winpr_CompleteAuthToken(PCtxtHandle phContext,
1590 PSecBufferDesc pToken)
1591{
1592 char* Name = nullptr;
1593 SECURITY_STATUS status = 0;
1594 const SecurityFunctionTableA* table = nullptr;
1595 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1596
1597 if (!Name)
1598 return SEC_E_SECPKG_NOT_FOUND;
1599
1600 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1601
1602 if (!table)
1603 return SEC_E_SECPKG_NOT_FOUND;
1604
1605 if (!table->CompleteAuthToken)
1606 {
1607 WLog_WARN(TAG, "Security module does not provide an implementation");
1608 return SEC_E_UNSUPPORTED_FUNCTION;
1609 }
1610
1611 status = table->CompleteAuthToken(phContext, pToken);
1612 return log_status("CompleteAuthToken", status);
1613}
1614
1615static SECURITY_STATUS SEC_ENTRY winpr_DeleteSecurityContext(PCtxtHandle phContext)
1616{
1617 const char* Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1618
1619 if (!Name)
1620 return SEC_E_SECPKG_NOT_FOUND;
1621
1622 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(Name);
1623
1624 if (!table)
1625 return SEC_E_SECPKG_NOT_FOUND;
1626
1627 if (!table->DeleteSecurityContext)
1628 {
1629 WLog_WARN(TAG, "Security module does not provide an implementation");
1630 return SEC_E_UNSUPPORTED_FUNCTION;
1631 }
1632
1633 const SECURITY_STATUS status = table->DeleteSecurityContext(phContext);
1634 return log_status("DeleteSecurityContext", status);
1635}
1636
1637static SECURITY_STATUS SEC_ENTRY winpr_FreeContextBuffer(void* pvContextBuffer)
1638{
1639 if (!pvContextBuffer)
1640 return SEC_E_INVALID_HANDLE;
1641
1642 sspi_ContextBufferFree(pvContextBuffer);
1643 return SEC_E_OK;
1644}
1645
1646static SECURITY_STATUS SEC_ENTRY winpr_ImpersonateSecurityContext(PCtxtHandle phContext)
1647{
1648 SEC_CHAR* Name = nullptr;
1649 SECURITY_STATUS status = 0;
1650 const SecurityFunctionTableW* table = nullptr;
1651 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1652
1653 if (!Name)
1654 return SEC_E_SECPKG_NOT_FOUND;
1655
1656 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1657
1658 if (!table)
1659 return SEC_E_SECPKG_NOT_FOUND;
1660
1661 if (!table->ImpersonateSecurityContext)
1662 {
1663 WLog_WARN(TAG, "Security module does not provide an implementation");
1664 return SEC_E_UNSUPPORTED_FUNCTION;
1665 }
1666
1667 status = table->ImpersonateSecurityContext(phContext);
1668 return log_status("ImpersonateSecurityContext", status);
1669}
1670
1671static SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextW(
1672 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq,
1673 ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
1674 PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
1675{
1676 SEC_CHAR* Name = nullptr;
1677 SECURITY_STATUS status = 0;
1678 const SecurityFunctionTableW* table = nullptr;
1679 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1680
1681 if (!Name)
1682 return SEC_E_SECPKG_NOT_FOUND;
1683
1684 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1685
1686 if (!table)
1687 return SEC_E_SECPKG_NOT_FOUND;
1688
1689 if (!table->InitializeSecurityContextW)
1690 {
1691 WLog_WARN(TAG, "Security module does not provide an implementation");
1692 return SEC_E_UNSUPPORTED_FUNCTION;
1693 }
1694
1695 status = table->InitializeSecurityContextW(phCredential, phContext, pszTargetName, fContextReq,
1696 Reserved1, TargetDataRep, pInput, Reserved2,
1697 phNewContext, pOutput, pfContextAttr, ptsExpiry);
1698 return log_status("InitializeSecurityContextW", status);
1699}
1700
1701static SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextA(
1702 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
1703 ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
1704 PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
1705{
1706 SEC_CHAR* Name = nullptr;
1707 SECURITY_STATUS status = 0;
1708 const SecurityFunctionTableA* table = nullptr;
1709 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1710
1711 if (!Name)
1712 return SEC_E_SECPKG_NOT_FOUND;
1713
1714 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1715
1716 if (!table)
1717 return SEC_E_SECPKG_NOT_FOUND;
1718
1719 if (!table->InitializeSecurityContextA)
1720 {
1721 WLog_WARN(TAG, "Security module does not provide an implementation");
1722 return SEC_E_UNSUPPORTED_FUNCTION;
1723 }
1724
1725 status = table->InitializeSecurityContextA(phCredential, phContext, pszTargetName, fContextReq,
1726 Reserved1, TargetDataRep, pInput, Reserved2,
1727 phNewContext, pOutput, pfContextAttr, ptsExpiry);
1728
1729 return log_status("InitializeSecurityContextA", status);
1730}
1731
1732static SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesW(PCtxtHandle phContext,
1733 ULONG ulAttribute, void* pBuffer)
1734{
1735 SEC_CHAR* Name = nullptr;
1736 SECURITY_STATUS status = 0;
1737 const SecurityFunctionTableW* table = nullptr;
1738 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1739
1740 if (!Name)
1741 return SEC_E_SECPKG_NOT_FOUND;
1742
1743 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1744
1745 if (!table)
1746 return SEC_E_SECPKG_NOT_FOUND;
1747
1748 if (!table->QueryContextAttributesW)
1749 {
1750 WLog_WARN(TAG, "Security module does not provide an implementation");
1751 return SEC_E_UNSUPPORTED_FUNCTION;
1752 }
1753
1754 status = table->QueryContextAttributesW(phContext, ulAttribute, pBuffer);
1755 return log_status("QueryContextAttributesW", status);
1756}
1757
1758static SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesA(PCtxtHandle phContext,
1759 ULONG ulAttribute, void* pBuffer)
1760{
1761 SEC_CHAR* Name = nullptr;
1762 SECURITY_STATUS status = 0;
1763 const SecurityFunctionTableA* table = nullptr;
1764 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1765
1766 if (!Name)
1767 return SEC_E_SECPKG_NOT_FOUND;
1768
1769 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1770
1771 if (!table)
1772 return SEC_E_SECPKG_NOT_FOUND;
1773
1774 if (!table->QueryContextAttributesA)
1775 {
1776 WLog_WARN(TAG, "Security module does not provide an implementation");
1777 return SEC_E_UNSUPPORTED_FUNCTION;
1778 }
1779
1780 status = table->QueryContextAttributesA(phContext, ulAttribute, pBuffer);
1781 return log_status("QueryContextAttributesA", status);
1782}
1783
1784static SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityContextToken(PCtxtHandle phContext,
1785 HANDLE* phToken)
1786{
1787 SEC_CHAR* Name = nullptr;
1788 SECURITY_STATUS status = 0;
1789 const SecurityFunctionTableW* table = nullptr;
1790 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1791
1792 if (!Name)
1793 return SEC_E_SECPKG_NOT_FOUND;
1794
1795 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1796
1797 if (!table)
1798 return SEC_E_SECPKG_NOT_FOUND;
1799
1800 if (!table->QuerySecurityContextToken)
1801 {
1802 WLog_WARN(TAG, "Security module does not provide an implementation");
1803 return SEC_E_UNSUPPORTED_FUNCTION;
1804 }
1805
1806 status = table->QuerySecurityContextToken(phContext, phToken);
1807 return log_status("QuerySecurityContextToken", status);
1808}
1809
1810static SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesW(PCtxtHandle phContext,
1811 ULONG ulAttribute, void* pBuffer,
1812 ULONG cbBuffer)
1813{
1814 SEC_CHAR* Name = nullptr;
1815 SECURITY_STATUS status = 0;
1816 const SecurityFunctionTableW* table = nullptr;
1817 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1818
1819 if (!Name)
1820 return SEC_E_SECPKG_NOT_FOUND;
1821
1822 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1823
1824 if (!table)
1825 return SEC_E_SECPKG_NOT_FOUND;
1826
1827 if (!table->SetContextAttributesW)
1828 {
1829 WLog_WARN(TAG, "Security module does not provide an implementation");
1830 return SEC_E_UNSUPPORTED_FUNCTION;
1831 }
1832
1833 status = table->SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
1834 return log_status("SetContextAttributesW", status);
1835}
1836
1837static SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesA(PCtxtHandle phContext,
1838 ULONG ulAttribute, void* pBuffer,
1839 ULONG cbBuffer)
1840{
1841 char* Name = nullptr;
1842 SECURITY_STATUS status = 0;
1843 const SecurityFunctionTableA* table = nullptr;
1844 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1845
1846 if (!Name)
1847 return SEC_E_SECPKG_NOT_FOUND;
1848
1849 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1850
1851 if (!table)
1852 return SEC_E_SECPKG_NOT_FOUND;
1853
1854 if (!table->SetContextAttributesA)
1855 {
1856 WLog_WARN(TAG, "Security module does not provide an implementation");
1857 return SEC_E_UNSUPPORTED_FUNCTION;
1858 }
1859
1860 status = table->SetContextAttributesA(phContext, ulAttribute, pBuffer, cbBuffer);
1861 return log_status("SetContextAttributesA", status);
1862}
1863
1864static SECURITY_STATUS SEC_ENTRY winpr_RevertSecurityContext(PCtxtHandle phContext)
1865{
1866 SEC_CHAR* Name = nullptr;
1867 SECURITY_STATUS status = 0;
1868 const SecurityFunctionTableW* table = nullptr;
1869 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1870
1871 if (!Name)
1872 return SEC_E_SECPKG_NOT_FOUND;
1873
1874 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1875
1876 if (!table)
1877 return SEC_E_SECPKG_NOT_FOUND;
1878
1879 if (!table->RevertSecurityContext)
1880 {
1881 WLog_WARN(TAG, "Security module does not provide an implementation");
1882 return SEC_E_UNSUPPORTED_FUNCTION;
1883 }
1884
1885 status = table->RevertSecurityContext(phContext);
1886
1887 return log_status("RevertSecurityContext", status);
1888}
1889
1890/* Message Support */
1891
1892static SECURITY_STATUS SEC_ENTRY winpr_DecryptMessage(PCtxtHandle phContext,
1893 PSecBufferDesc pMessage, ULONG MessageSeqNo,
1894 PULONG pfQOP)
1895{
1896 char* Name = nullptr;
1897 SECURITY_STATUS status = 0;
1898 const SecurityFunctionTableA* table = nullptr;
1899 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1900
1901 if (!Name)
1902 return SEC_E_SECPKG_NOT_FOUND;
1903
1904 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1905
1906 if (!table)
1907 return SEC_E_SECPKG_NOT_FOUND;
1908
1909 if (!table->DecryptMessage)
1910 {
1911 WLog_WARN(TAG, "Security module does not provide an implementation");
1912 return SEC_E_UNSUPPORTED_FUNCTION;
1913 }
1914
1915 status = table->DecryptMessage(phContext, pMessage, MessageSeqNo, pfQOP);
1916
1917 return log_status("DecryptMessage", status);
1918}
1919
1920static SECURITY_STATUS SEC_ENTRY winpr_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
1921 PSecBufferDesc pMessage, ULONG MessageSeqNo)
1922{
1923 char* Name = nullptr;
1924 SECURITY_STATUS status = 0;
1925 const SecurityFunctionTableA* table = nullptr;
1926 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1927
1928 if (!Name)
1929 return SEC_E_SECPKG_NOT_FOUND;
1930
1931 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1932
1933 if (!table)
1934 return SEC_E_SECPKG_NOT_FOUND;
1935
1936 if (!table->EncryptMessage)
1937 {
1938 WLog_WARN(TAG, "Security module does not provide an implementation");
1939 return SEC_E_UNSUPPORTED_FUNCTION;
1940 }
1941
1942 status = table->EncryptMessage(phContext, fQOP, pMessage, MessageSeqNo);
1943 return log_status("EncryptMessage", status);
1944}
1945
1946static SECURITY_STATUS SEC_ENTRY winpr_MakeSignature(PCtxtHandle phContext, ULONG fQOP,
1947 PSecBufferDesc pMessage, ULONG MessageSeqNo)
1948{
1949 SECURITY_STATUS status = 0;
1950 const char* Name = (const char*)sspi_SecureHandleGetUpperPointer(phContext);
1951
1952 if (!Name)
1953 return SEC_E_SECPKG_NOT_FOUND;
1954
1955 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(Name);
1956
1957 if (!table)
1958 return SEC_E_SECPKG_NOT_FOUND;
1959
1960 if (!table->MakeSignature)
1961 {
1962 WLog_WARN(TAG, "Security module does not provide an implementation");
1963 return SEC_E_UNSUPPORTED_FUNCTION;
1964 }
1965
1966 status = table->MakeSignature(phContext, fQOP, pMessage, MessageSeqNo);
1967 return log_status("MakeSignature", status);
1968}
1969
1970static SECURITY_STATUS SEC_ENTRY winpr_VerifySignature(PCtxtHandle phContext,
1971 PSecBufferDesc pMessage, ULONG MessageSeqNo,
1972 PULONG pfQOP)
1973{
1974 SECURITY_STATUS status = 0;
1975
1976 const char* Name = (const char*)sspi_SecureHandleGetUpperPointer(phContext);
1977
1978 if (!Name)
1979 return SEC_E_SECPKG_NOT_FOUND;
1980
1981 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(Name);
1982
1983 if (!table)
1984 return SEC_E_SECPKG_NOT_FOUND;
1985
1986 if (!table->VerifySignature)
1987 {
1988 WLog_WARN(TAG, "Security module does not provide an implementation");
1989 return SEC_E_UNSUPPORTED_FUNCTION;
1990 }
1991
1992 status = table->VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
1993
1994 return log_status("VerifySignature", status);
1995}
1996
1997static SecurityFunctionTableA winpr_SecurityFunctionTableA = {
1998 3, /* dwVersion */
1999 winpr_EnumerateSecurityPackagesA, /* EnumerateSecurityPackages */
2000 winpr_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
2001 winpr_AcquireCredentialsHandleA, /* AcquireCredentialsHandle */
2002 winpr_FreeCredentialsHandle, /* FreeCredentialsHandle */
2003 nullptr, /* Reserved2 */
2004 winpr_InitializeSecurityContextA, /* InitializeSecurityContext */
2005 winpr_AcceptSecurityContext, /* AcceptSecurityContext */
2006 winpr_CompleteAuthToken, /* CompleteAuthToken */
2007 winpr_DeleteSecurityContext, /* DeleteSecurityContext */
2008 winpr_ApplyControlToken, /* ApplyControlToken */
2009 winpr_QueryContextAttributesA, /* QueryContextAttributes */
2010 winpr_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
2011 winpr_RevertSecurityContext, /* RevertSecurityContext */
2012 winpr_MakeSignature, /* MakeSignature */
2013 winpr_VerifySignature, /* VerifySignature */
2014 winpr_FreeContextBuffer, /* FreeContextBuffer */
2015 winpr_QuerySecurityPackageInfoA, /* QuerySecurityPackageInfo */
2016 nullptr, /* Reserved3 */
2017 nullptr, /* Reserved4 */
2018 winpr_ExportSecurityContext, /* ExportSecurityContext */
2019 winpr_ImportSecurityContextA, /* ImportSecurityContext */
2020 nullptr, /* AddCredentials */
2021 nullptr, /* Reserved8 */
2022 winpr_QuerySecurityContextToken, /* QuerySecurityContextToken */
2023 winpr_EncryptMessage, /* EncryptMessage */
2024 winpr_DecryptMessage, /* DecryptMessage */
2025 winpr_SetContextAttributesA, /* SetContextAttributes */
2026 winpr_SetCredentialsAttributesA, /* SetCredentialsAttributes */
2027};
2028
2029static SecurityFunctionTableW winpr_SecurityFunctionTableW = {
2030 3, /* dwVersion */
2031 winpr_EnumerateSecurityPackagesW, /* EnumerateSecurityPackages */
2032 winpr_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
2033 winpr_AcquireCredentialsHandleW, /* AcquireCredentialsHandle */
2034 winpr_FreeCredentialsHandle, /* FreeCredentialsHandle */
2035 nullptr, /* Reserved2 */
2036 winpr_InitializeSecurityContextW, /* InitializeSecurityContext */
2037 winpr_AcceptSecurityContext, /* AcceptSecurityContext */
2038 winpr_CompleteAuthToken, /* CompleteAuthToken */
2039 winpr_DeleteSecurityContext, /* DeleteSecurityContext */
2040 winpr_ApplyControlToken, /* ApplyControlToken */
2041 winpr_QueryContextAttributesW, /* QueryContextAttributes */
2042 winpr_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
2043 winpr_RevertSecurityContext, /* RevertSecurityContext */
2044 winpr_MakeSignature, /* MakeSignature */
2045 winpr_VerifySignature, /* VerifySignature */
2046 winpr_FreeContextBuffer, /* FreeContextBuffer */
2047 winpr_QuerySecurityPackageInfoW, /* QuerySecurityPackageInfo */
2048 nullptr, /* Reserved3 */
2049 nullptr, /* Reserved4 */
2050 winpr_ExportSecurityContext, /* ExportSecurityContext */
2051 winpr_ImportSecurityContextW, /* ImportSecurityContext */
2052 nullptr, /* AddCredentials */
2053 nullptr, /* Reserved8 */
2054 winpr_QuerySecurityContextToken, /* QuerySecurityContextToken */
2055 winpr_EncryptMessage, /* EncryptMessage */
2056 winpr_DecryptMessage, /* DecryptMessage */
2057 winpr_SetContextAttributesW, /* SetContextAttributes */
2058 winpr_SetCredentialsAttributesW, /* SetCredentialsAttributes */
2059};
2060
2061SecurityFunctionTableW* SEC_ENTRY winpr_InitSecurityInterfaceW(void)
2062{
2063 return &winpr_SecurityFunctionTableW;
2064}
2065
2066SecurityFunctionTableA* SEC_ENTRY winpr_InitSecurityInterfaceA(void)
2067{
2068 return &winpr_SecurityFunctionTableA;
2069}
RTL_RUN_ONCE
Definition include/winpr/synch.h:382
SECURITY_INTEGER
Definition include/winpr/sspi.h:51
SEC_WINNT_AUTH_IDENTITY_A
Definition include/winpr/sspi.h:690
SEC_WINNT_AUTH_IDENTITY_EX2
Definition include/winpr/sspi.h:759
SEC_WINNT_AUTH_IDENTITY_EXA
Definition include/winpr/sspi.h:731
SEC_WINNT_AUTH_IDENTITY_EXW
Definition include/winpr/sspi.h:716
SEC_WINNT_AUTH_IDENTITY_W
Definition include/winpr/sspi.h:679
SSPI_CREDENTIALS
Definition libwinpr/sspi/sspi.h:32
SEC_WINNT_AUTH_IDENTITY_INFO
Definition include/winpr/sspi.h:783