FreeRDP
credssp.c
20#include <winpr/config.h>
21
22#include <winpr/crt.h>
23#include <winpr/sspi.h>
24
25#include "credssp.h"
26
27#include "../sspi.h"
28#include "../../log.h"
29
/* Log tag passed to the WLog_ERR calls in this file. */
#define TAG WINPR_TAG("sspi.CredSSP")

/* Package name; its address is stored as the upper pointer of the credential
 * and context handles created in this file. */
static const char* CREDSSP_PACKAGE_NAME = "CredSSP";
33
/*
 * Wide-character InitializeSecurityContext entry of the CredSSP package.
 *
 * Not implemented: every argument is ignored, an error is logged and
 * SEC_E_UNSUPPORTED_FUNCTION is returned, so no context is ever created
 * through this entry point.
 */
static SECURITY_STATUS SEC_ENTRY credssp_InitializeSecurityContextW(
    WINPR_ATTR_UNUSED PCredHandle phCredential, WINPR_ATTR_UNUSED PCtxtHandle phContext,
    WINPR_ATTR_UNUSED SEC_WCHAR* pszTargetName, WINPR_ATTR_UNUSED ULONG fContextReq,
    WINPR_ATTR_UNUSED ULONG Reserved1, WINPR_ATTR_UNUSED ULONG TargetDataRep,
    WINPR_ATTR_UNUSED PSecBufferDesc pInput, WINPR_ATTR_UNUSED ULONG Reserved2,
    WINPR_ATTR_UNUSED PCtxtHandle phNewContext, WINPR_ATTR_UNUSED PSecBufferDesc pOutput,
    WINPR_ATTR_UNUSED PULONG pfContextAttr, WINPR_ATTR_UNUSED PTimeStamp ptsExpiry)
{
	const SECURITY_STATUS status = SEC_E_UNSUPPORTED_FUNCTION;

	WLog_ERR(TAG, "TODO: Implement");
	return status;
}
45
/*
 * ANSI InitializeSecurityContext entry of the CredSSP package.
 *
 * When phContext already carries a context pointer the call succeeds without
 * doing anything else. Otherwise a fresh CREDSSP_CONTEXT is allocated and
 * published through phNewContext, with the package name as the upper pointer.
 *
 * Returns SEC_E_INVALID_HANDLE for an all-zero phContext or when phCredential
 * carries no credentials, SEC_E_INSUFFICIENT_MEMORY when the context cannot be
 * allocated, and SEC_E_OK otherwise.
 *
 * The credentials are only checked for presence; they are not attached to the
 * context, and no token is read from pInput or written to pOutput.
 *
 * NOTE(review): phNewContext is not validated here. Whether a null handle is
 * tolerated depends on sspi_SecureHandleSetLowerPointer - confirm, because the
 * freshly allocated context would otherwise be unreachable. The function
 * tables in this file also leave DeleteSecurityContext unset, so confirm where
 * a context created here is released.
 */
static SECURITY_STATUS SEC_ENTRY credssp_InitializeSecurityContextA(
    PCredHandle phCredential, PCtxtHandle phContext, WINPR_ATTR_UNUSED SEC_CHAR* pszTargetName,
    WINPR_ATTR_UNUSED ULONG fContextReq, WINPR_ATTR_UNUSED ULONG Reserved1,
    WINPR_ATTR_UNUSED ULONG TargetDataRep, WINPR_ATTR_UNUSED PSecBufferDesc pInput,
    WINPR_ATTR_UNUSED ULONG Reserved2, PCtxtHandle phNewContext,
    WINPR_ATTR_UNUSED PSecBufferDesc pOutput, WINPR_ATTR_UNUSED PULONG pfContextAttr,
    WINPR_ATTR_UNUSED PTimeStamp ptsExpiry)
{
	/* behave like windows SSPIs that don't want empty context */
	if (phContext && !phContext->dwLower && !phContext->dwUpper)
		return SEC_E_INVALID_HANDLE;

	/* A handle that already refers to a context needs no further setup. */
	if (sspi_SecureHandleGetLowerPointer(phContext))
		return SEC_E_OK;

	CREDSSP_CONTEXT* created = credssp_ContextNew();

	if (!created)
		return SEC_E_INSUFFICIENT_MEMORY;

	/* The credential handle must resolve before the context is handed out. */
	if (!sspi_SecureHandleGetLowerPointer(phCredential))
	{
		credssp_ContextFree(created);
		return SEC_E_INVALID_HANDLE;
	}

	sspi_SecureHandleSetLowerPointer(phNewContext, created);

	/* The const package name is passed through a union rather than a cast
	 * to reach the void* parameter of the handle setter. */
	union
	{
		const void* cpv;
		void* pv;
	} packageName = { .cpv = CREDSSP_PACKAGE_NAME };
	sspi_SecureHandleSetUpperPointer(phNewContext, packageName.pv);

	return SEC_E_OK;
}
91
/*
 * Allocate a zero-initialised CREDSSP_CONTEXT.
 *
 * Returns the new context, or nullptr when the allocation fails. The caller
 * releases it with credssp_ContextFree().
 */
CREDSSP_CONTEXT* credssp_ContextNew(void)
{
	/* calloc already yields nullptr on failure, so its result is returned directly. */
	return (CREDSSP_CONTEXT*)calloc(1, sizeof(CREDSSP_CONTEXT));
}
102
/*
 * Release a context obtained from credssp_ContextNew().
 *
 * The memory is passed straight to free(); nothing inside the context is
 * cleared or released first.
 * NOTE(review): if CREDSSP_CONTEXT ever holds key material or owned pointers,
 * they would need wiping/releasing here - confirm against the struct definition.
 */
void credssp_ContextFree(CREDSSP_CONTEXT* context)
{
	free(context);
}
107
/*
 * QueryContextAttributes entry of the CredSSP package (shared by the A and W tables).
 *
 * Not implemented: after the argument checks every attribute is answered with
 * SEC_E_UNSUPPORTED_FUNCTION and pBuffer is never written.
 *
 * Returns SEC_E_INVALID_HANDLE when phContext is null and
 * SEC_E_INSUFFICIENT_MEMORY when pBuffer is null.
 */
static SECURITY_STATUS SEC_ENTRY credssp_QueryContextAttributes(PCtxtHandle phContext,
                                                                WINPR_ATTR_UNUSED ULONG ulAttribute,
                                                                void* pBuffer)
{
	SECURITY_STATUS status = SEC_E_UNSUPPORTED_FUNCTION;

	if (!phContext)
		status = SEC_E_INVALID_HANDLE;
	else if (!pBuffer)
		status = SEC_E_INSUFFICIENT_MEMORY;
	else
		WLog_ERR(TAG, "TODO: Implement");

	return status;
}
121
/*
 * Wide-character AcquireCredentialsHandle entry of the CredSSP package.
 *
 * Not implemented: every argument is ignored, an error is logged and
 * SEC_E_UNSUPPORTED_FUNCTION is returned; phCredential is left untouched.
 */
static SECURITY_STATUS SEC_ENTRY credssp_AcquireCredentialsHandleW(
    WINPR_ATTR_UNUSED SEC_WCHAR* pszPrincipal, WINPR_ATTR_UNUSED SEC_WCHAR* pszPackage,
    WINPR_ATTR_UNUSED ULONG fCredentialUse, WINPR_ATTR_UNUSED void* pvLogonID,
    WINPR_ATTR_UNUSED void* pAuthData, WINPR_ATTR_UNUSED SEC_GET_KEY_FN pGetKeyFn,
    WINPR_ATTR_UNUSED void* pvGetKeyArgument, WINPR_ATTR_UNUSED PCredHandle phCredential,
    WINPR_ATTR_UNUSED PTimeStamp ptsExpiry)
{
	const SECURITY_STATUS status = SEC_E_UNSUPPORTED_FUNCTION;

	WLog_ERR(TAG, "TODO: Implement");
	return status;
}
132
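/*
 * ANSI AcquireCredentialsHandle entry of the CredSSP package.
 *
 * Only SECPKG_CRED_OUTBOUND is handled: a new SSPI_CREDENTIALS object receives
 * a copy of the SEC_WINNT_AUTH_IDENTITY passed in pAuthData and is published
 * through phCredential, with the package name as the upper pointer. Any other
 * fCredentialUse value is logged and answered with SEC_E_UNSUPPORTED_FUNCTION.
 *
 * Returns SEC_E_INVALID_HANDLE when phCredential is null, SEC_E_NO_CREDENTIALS
 * when pAuthData is null, SEC_E_INSUFFICIENT_MEMORY when the credentials
 * object cannot be allocated, and SEC_E_OK on success. The handle is released
 * with credssp_FreeCredentialsHandle().
 */
static SECURITY_STATUS SEC_ENTRY credssp_AcquireCredentialsHandleA(
    WINPR_ATTR_UNUSED SEC_CHAR* pszPrincipal, WINPR_ATTR_UNUSED SEC_CHAR* pszPackage,
    ULONG fCredentialUse, WINPR_ATTR_UNUSED void* pvLogonID, void* pAuthData,
    WINPR_ATTR_UNUSED SEC_GET_KEY_FN pGetKeyFn, WINPR_ATTR_UNUSED void* pvGetKeyArgument,
    PCredHandle phCredential, WINPR_ATTR_UNUSED PTimeStamp ptsExpiry)
{
	if (fCredentialUse != SECPKG_CRED_OUTBOUND)
	{
		WLog_ERR(TAG, "TODO: Implement");
		return SEC_E_UNSUPPORTED_FUNCTION;
	}

	/* Checked before allocating: without a destination handle the new
	 * credentials object could never be handed to credssp_FreeCredentialsHandle. */
	if (!phCredential)
		return SEC_E_INVALID_HANDLE;

	/* The identity is copied below without further checks, so a missing one
	 * is rejected here instead of being read through a null pointer. */
	const SEC_WINNT_AUTH_IDENTITY* identity = (const SEC_WINNT_AUTH_IDENTITY*)pAuthData;

	if (!identity)
		return SEC_E_NO_CREDENTIALS;

	SSPI_CREDENTIALS* credentials = sspi_CredentialsNew();

	if (!credentials)
		return SEC_E_INSUFFICIENT_MEMORY;

	/* NOTE(review): this is a flat struct copy of exactly
	 * sizeof(SEC_WINNT_AUTH_IDENTITY) bytes. If the identity carries pointers
	 * to the user/domain/password buffers, the credentials alias the caller's
	 * memory - confirm who owns those buffers when sspi_CredentialsFree runs,
	 * and that callers never pass a different identity structure variant. */
	CopyMemory(&(credentials->identity), identity, sizeof(SEC_WINNT_AUTH_IDENTITY));
	sspi_SecureHandleSetLowerPointer(phCredential, (void*)credentials);

	/* The const package name is passed through a union rather than a cast
	 * to reach the void* parameter of the handle setter. */
	union
	{
		const void* cpv;
		void* pv;
	} cnv;
	cnv.cpv = CREDSSP_PACKAGE_NAME;
	sspi_SecureHandleSetUpperPointer(phCredential, cnv.pv);
	return SEC_E_OK;
}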
167
/*
 * Wide-character QueryCredentialsAttributes entry of the CredSSP package.
 *
 * Not implemented: every argument is ignored, an error is logged and
 * SEC_E_UNSUPPORTED_FUNCTION is returned; pBuffer is never written.
 */
static SECURITY_STATUS SEC_ENTRY credssp_QueryCredentialsAttributesW(
    WINPR_ATTR_UNUSED PCredHandle phCredential, WINPR_ATTR_UNUSED ULONG ulAttribute,
    WINPR_ATTR_UNUSED void* pBuffer)
{
	const SECURITY_STATUS status = SEC_E_UNSUPPORTED_FUNCTION;

	WLog_ERR(TAG, "TODO: Implement");
	return status;
}
175
/*
 * ANSI QueryCredentialsAttributes entry of the CredSSP package.
 *
 * For SECPKG_CRED_ATTR_NAMES the call returns SEC_E_OK when phCredential
 * resolves to a credentials object and SEC_E_INVALID_HANDLE when it does not.
 * Every other attribute is logged and answered with SEC_E_UNSUPPORTED_FUNCTION.
 *
 * NOTE(review): the SECPKG_CRED_ATTR_NAMES path reports success without
 * writing anything to pBuffer, so a caller must not read the buffer after
 * SEC_E_OK. The parameters carry WINPR_ATTR_UNUSED although ulAttribute and
 * phCredential are read.
 */
static SECURITY_STATUS SEC_ENTRY credssp_QueryCredentialsAttributesA(
    WINPR_ATTR_UNUSED PCredHandle phCredential, WINPR_ATTR_UNUSED ULONG ulAttribute,
    WINPR_ATTR_UNUSED void* pBuffer)
{
	if (ulAttribute != SECPKG_CRED_ATTR_NAMES)
	{
		WLog_ERR(TAG, "TODO: Implement");
		return SEC_E_UNSUPPORTED_FUNCTION;
	}

	/* Only the presence of a credentials object behind the handle is checked. */
	const void* lower = sspi_SecureHandleGetLowerPointer(phCredential);

	return lower ? SEC_E_OK : SEC_E_INVALID_HANDLE;
}
194
/*
 * FreeCredentialsHandle entry of the CredSSP package (shared by the A and W tables).
 *
 * Invalidates phCredential and releases the credentials object it referred to.
 *
 * Returns SEC_E_INVALID_HANDLE when phCredential is null or carries no
 * credentials object, SEC_E_OK once the credentials have been freed.
 */
static SECURITY_STATUS SEC_ENTRY credssp_FreeCredentialsHandle(PCredHandle phCredential)
{
	if (!phCredential)
		return SEC_E_INVALID_HANDLE;

	SSPI_CREDENTIALS* owned = (SSPI_CREDENTIALS*)sspi_SecureHandleGetLowerPointer(phCredential);

	/* The handle is invalidated before the object is freed, and also when it
	 * turns out to carry no credentials. */
	sspi_SecureHandleInvalidate(phCredential);

	if (owned)
	{
		sspi_CredentialsFree(owned);
		return SEC_E_OK;
	}

	return SEC_E_INVALID_HANDLE;
}
209
/*
 * EncryptMessage entry of the CredSSP package.
 *
 * Not implemented: the message is left untouched, an error is logged and
 * SEC_E_UNSUPPORTED_FUNCTION is returned. Callers must treat that status as a
 * failure, since pMessage has not been encrypted.
 */
static SECURITY_STATUS SEC_ENTRY credssp_EncryptMessage(WINPR_ATTR_UNUSED PCtxtHandle phContext,
                                                        WINPR_ATTR_UNUSED ULONG fQOP,
                                                        WINPR_ATTR_UNUSED PSecBufferDesc pMessage,
                                                        WINPR_ATTR_UNUSED ULONG MessageSeqNo)
{
	const SECURITY_STATUS status = SEC_E_UNSUPPORTED_FUNCTION;

	WLog_ERR(TAG, "TODO: Implement");
	return status;
}
218
/*
 * DecryptMessage entry of the CredSSP package.
 *
 * Not implemented: the message is left untouched, pfQOP is not written, an
 * error is logged and SEC_E_UNSUPPORTED_FUNCTION is returned.
 */
static SECURITY_STATUS SEC_ENTRY credssp_DecryptMessage(WINPR_ATTR_UNUSED PCtxtHandle phContext,
                                                        WINPR_ATTR_UNUSED PSecBufferDesc pMessage,
                                                        WINPR_ATTR_UNUSED ULONG MessageSeqNo,
                                                        WINPR_ATTR_UNUSED ULONG* pfQOP)
{
	const SECURITY_STATUS status = SEC_E_UNSUPPORTED_FUNCTION;

	WLog_ERR(TAG, "TODO: Implement");
	return status;
}
227
/*
 * MakeSignature entry of the CredSSP package.
 *
 * Not implemented: no signature is produced, an error is logged and
 * SEC_E_UNSUPPORTED_FUNCTION is returned.
 */
static SECURITY_STATUS SEC_ENTRY credssp_MakeSignature(WINPR_ATTR_UNUSED PCtxtHandle phContext,
                                                       WINPR_ATTR_UNUSED ULONG fQOP,
                                                       WINPR_ATTR_UNUSED PSecBufferDesc pMessage,
                                                       WINPR_ATTR_UNUSED ULONG MessageSeqNo)
{
	const SECURITY_STATUS status = SEC_E_UNSUPPORTED_FUNCTION;

	WLog_ERR(TAG, "TODO: Implement");
	return status;
}
236
/*
 * VerifySignature entry of the CredSSP package.
 *
 * Not implemented: nothing is verified, pfQOP is not written, an error is
 * logged and SEC_E_UNSUPPORTED_FUNCTION is returned. The stub never reports a
 * signature as valid.
 */
static SECURITY_STATUS SEC_ENTRY credssp_VerifySignature(WINPR_ATTR_UNUSED PCtxtHandle phContext,
                                                         WINPR_ATTR_UNUSED PSecBufferDesc pMessage,
                                                         WINPR_ATTR_UNUSED ULONG MessageSeqNo,
                                                         WINPR_ATTR_UNUSED ULONG* pfQOP)
{
	const SECURITY_STATUS status = SEC_E_UNSUPPORTED_FUNCTION;

	WLog_ERR(TAG, "TODO: Implement");
	return status;
}
245
/*
 * ANSI dispatch table of the CredSSP package. The initializer is positional;
 * the trailing comment on each line names the slot it fills.
 *
 * Slots set to nullptr are not provided by this package. That includes
 * AcceptSecurityContext and DeleteSecurityContext, so nothing in this table
 * releases a context created by credssp_InitializeSecurityContextA.
 * EncryptMessage, DecryptMessage, MakeSignature, VerifySignature and
 * QueryContextAttributes point at stubs that return SEC_E_UNSUPPORTED_FUNCTION.
 */
const SecurityFunctionTableA CREDSSP_SecurityFunctionTableA = {
	3,                                   /* dwVersion */
	nullptr,                             /* EnumerateSecurityPackages */
	credssp_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
	credssp_AcquireCredentialsHandleA,   /* AcquireCredentialsHandle */
	credssp_FreeCredentialsHandle,       /* FreeCredentialsHandle */
	nullptr,                             /* Reserved2 */
	credssp_InitializeSecurityContextA,  /* InitializeSecurityContext */
	nullptr,                             /* AcceptSecurityContext */
	nullptr,                             /* CompleteAuthToken */
	nullptr,                             /* DeleteSecurityContext */
	nullptr,                             /* ApplyControlToken */
	credssp_QueryContextAttributes,      /* QueryContextAttributes */
	nullptr,                             /* ImpersonateSecurityContext */
	nullptr,                             /* RevertSecurityContext */
	credssp_MakeSignature,               /* MakeSignature */
	credssp_VerifySignature,             /* VerifySignature */
	nullptr,                             /* FreeContextBuffer */
	nullptr,                             /* QuerySecurityPackageInfo */
	nullptr,                             /* Reserved3 */
	nullptr,                             /* Reserved4 */
	nullptr,                             /* ExportSecurityContext */
	nullptr,                             /* ImportSecurityContext */
	nullptr,                             /* AddCredentials */
	nullptr,                             /* Reserved8 */
	nullptr,                             /* QuerySecurityContextToken */
	credssp_EncryptMessage,              /* EncryptMessage */
	credssp_DecryptMessage,              /* DecryptMessage */
	nullptr,                             /* SetContextAttributes */
	nullptr,                             /* SetCredentialsAttributes */
};
277
/*
 * Wide-character dispatch table of the CredSSP package. The initializer is
 * positional; the trailing comment on each line names the slot it fills.
 *
 * It differs from the ANSI table only in the QueryCredentialsAttributes,
 * AcquireCredentialsHandle and InitializeSecurityContext slots, which point
 * at the W variants - all three are stubs in this file that return
 * SEC_E_UNSUPPORTED_FUNCTION. Slots set to nullptr are not provided.
 */
const SecurityFunctionTableW CREDSSP_SecurityFunctionTableW = {
	3,                                   /* dwVersion */
	nullptr,                             /* EnumerateSecurityPackages */
	credssp_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
	credssp_AcquireCredentialsHandleW,   /* AcquireCredentialsHandle */
	credssp_FreeCredentialsHandle,       /* FreeCredentialsHandle */
	nullptr,                             /* Reserved2 */
	credssp_InitializeSecurityContextW,  /* InitializeSecurityContext */
	nullptr,                             /* AcceptSecurityContext */
	nullptr,                             /* CompleteAuthToken */
	nullptr,                             /* DeleteSecurityContext */
	nullptr,                             /* ApplyControlToken */
	credssp_QueryContextAttributes,      /* QueryContextAttributes */
	nullptr,                             /* ImpersonateSecurityContext */
	nullptr,                             /* RevertSecurityContext */
	credssp_MakeSignature,               /* MakeSignature */
	credssp_VerifySignature,             /* VerifySignature */
	nullptr,                             /* FreeContextBuffer */
	nullptr,                             /* QuerySecurityPackageInfo */
	nullptr,                             /* Reserved3 */
	nullptr,                             /* Reserved4 */
	nullptr,                             /* ExportSecurityContext */
	nullptr,                             /* ImportSecurityContext */
	nullptr,                             /* AddCredentials */
	nullptr,                             /* Reserved8 */
	nullptr,                             /* QuerySecurityContextToken */
	credssp_EncryptMessage,              /* EncryptMessage */
	credssp_DecryptMessage,              /* DecryptMessage */
	nullptr,                             /* SetContextAttributes */
	nullptr,                             /* SetCredentialsAttributes */
};
309
/*
 * ANSI package description of the CredSSP package (positional initializer).
 *
 * NOTE(review): Name is "CREDSSP" while CREDSSP_PACKAGE_NAME in this file is
 * "CredSSP" - confirm that package lookups compare names case-insensitively.
 */
const SecPkgInfoA CREDSSP_SecPkgInfoA = {
	0x000110733,                          /* fCapabilities (nine hex digits; the value is 0x110733) */
	1,                                    /* wVersion */
	0xFFFF,                               /* wRPCID */
	0x000090A8,                           /* cbMaxToken (37032) */
	"CREDSSP",                            /* Name */
	"Microsoft CredSSP Security Provider" /* Comment */
};
318
/* Backing storage for the wide-character Name and Comment strings; both
 * buffers hold 128 WCHARs and are filled by CREDSSP_init(). */
static WCHAR CREDSSP_SecPkgInfoW_NameBuffer[128] = WINPR_C_ARRAY_INIT;
static WCHAR CREDSSP_SecPkgInfoW_CommentBuffer[128] = WINPR_C_ARRAY_INIT;

/*
 * Wide-character package description; the numeric fields repeat those of
 * CREDSSP_SecPkgInfoA. Name and Comment point at the buffers above, so their
 * contents depend on CREDSSP_init() having run.
 */
const SecPkgInfoW CREDSSP_SecPkgInfoW = {
	0x000110733,                      /* fCapabilities (nine hex digits; the value is 0x110733) */
	1,                                /* wVersion */
	0xFFFF,                           /* wRPCID */
	0x000090A8,                       /* cbMaxToken (37032) */
	CREDSSP_SecPkgInfoW_NameBuffer,   /* Name */
	CREDSSP_SecPkgInfoW_CommentBuffer /* Comment */
};
330
/*
 * Fill the wide-character Name and Comment buffers of CREDSSP_SecPkgInfoW from
 * the UTF-8 strings of CREDSSP_SecPkgInfoA.
 *
 * Always returns TRUE.
 * NOTE(review): whatever InitializeConstWCharFromUtf8 reports is discarded, so
 * a failed or truncated conversion would go unnoticed - confirm its contract.
 */
BOOL CREDSSP_init(void)
{
	/* Capacities are counted in WCHAR elements, not bytes. */
	const size_t nameCapacity = ARRAYSIZE(CREDSSP_SecPkgInfoW_NameBuffer);
	const size_t commentCapacity = ARRAYSIZE(CREDSSP_SecPkgInfoW_CommentBuffer);

	InitializeConstWCharFromUtf8(CREDSSP_SecPkgInfoA.Name, CREDSSP_SecPkgInfoW_NameBuffer,
	                             nameCapacity);
	InitializeConstWCharFromUtf8(CREDSSP_SecPkgInfoA.Comment, CREDSSP_SecPkgInfoW_CommentBuffer,
	                             commentCapacity);
	return TRUE;
}