FreeRDP
Loading...
Searching...
No Matches
sspi_winpr.c
1
21#include <winpr/config.h>
22#include <winpr/assert.h>
23#include <winpr/windows.h>
24
25#include <winpr/crt.h>
26#include <winpr/sspi.h>
27#include <winpr/ssl.h>
28#include <winpr/print.h>
29
30#include "sspi.h"
31
32#include "sspi_winpr.h"
33
34#include "../log.h"
35#define TAG WINPR_TAG("sspi")
36
37/* Authentication Functions: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731/ */
38
39#include "NTLM/ntlm.h"
40#include "NTLM/ntlm_export.h"
41#include "CredSSP/credssp.h"
42#include "Kerberos/kerberos.h"
43#include "Negotiate/negotiate.h"
44#include "Schannel/schannel.h"
45
46static const SecPkgInfoA* SecPkgInfoA_LIST[] = { &NTLM_SecPkgInfoA, &KERBEROS_SecPkgInfoA,
47 &NEGOTIATE_SecPkgInfoA, &CREDSSP_SecPkgInfoA,
48 &SCHANNEL_SecPkgInfoA };
49
50static const SecPkgInfoW* SecPkgInfoW_LIST[] = { &NTLM_SecPkgInfoW, &KERBEROS_SecPkgInfoW,
51 &NEGOTIATE_SecPkgInfoW, &CREDSSP_SecPkgInfoW,
52 &SCHANNEL_SecPkgInfoW };
53
54typedef struct
55{
56 const SEC_CHAR* Name;
57 const SecurityFunctionTableA* SecurityFunctionTable;
58} SecurityFunctionTableA_NAME;
59
60typedef struct
61{
62 const SEC_WCHAR* Name;
63 const SecurityFunctionTableW* SecurityFunctionTable;
64} SecurityFunctionTableW_NAME;
65
66static const SecurityFunctionTableA_NAME SecurityFunctionTableA_NAME_LIST[] = {
67 { "NTLM", &NTLM_SecurityFunctionTableA },
68 { "Kerberos", &KERBEROS_SecurityFunctionTableA },
69 { "Negotiate", &NEGOTIATE_SecurityFunctionTableA },
70 { "CREDSSP", &CREDSSP_SecurityFunctionTableA },
71 { "Schannel", &SCHANNEL_SecurityFunctionTableA }
72};
73
74static WCHAR BUFFER_NAME_LIST_W[5][32] = WINPR_C_ARRAY_INIT;
75
76static const SecurityFunctionTableW_NAME SecurityFunctionTableW_NAME_LIST[] = {
77 { BUFFER_NAME_LIST_W[0], &NTLM_SecurityFunctionTableW },
78 { BUFFER_NAME_LIST_W[1], &KERBEROS_SecurityFunctionTableW },
79 { BUFFER_NAME_LIST_W[2], &NEGOTIATE_SecurityFunctionTableW },
80 { BUFFER_NAME_LIST_W[3], &CREDSSP_SecurityFunctionTableW },
81 { BUFFER_NAME_LIST_W[4], &SCHANNEL_SecurityFunctionTableW }
82};
83
84typedef struct
85{
86 void* contextBuffer;
87 UINT32 allocatorIndex;
88} CONTEXT_BUFFER_ALLOC_ENTRY;
89
90typedef struct
91{
92 UINT32 cEntries;
93 UINT32 cMaxEntries;
94 CONTEXT_BUFFER_ALLOC_ENTRY* entries;
95} CONTEXT_BUFFER_ALLOC_TABLE;
96
97static CONTEXT_BUFFER_ALLOC_TABLE ContextBufferAllocTable = WINPR_C_ARRAY_INIT;
98
99static int sspi_ContextBufferAllocTableNew(void)
100{
101 size_t size = 0;
102 ContextBufferAllocTable.entries = nullptr;
103 ContextBufferAllocTable.cEntries = 0;
104 ContextBufferAllocTable.cMaxEntries = 4;
105 size = sizeof(CONTEXT_BUFFER_ALLOC_ENTRY) * ContextBufferAllocTable.cMaxEntries;
106 ContextBufferAllocTable.entries = (CONTEXT_BUFFER_ALLOC_ENTRY*)calloc(1, size);
107
108 if (!ContextBufferAllocTable.entries)
109 return -1;
110
111 return 1;
112}
113
114static int sspi_ContextBufferAllocTableGrow(void)
115{
116 size_t size = 0;
117 CONTEXT_BUFFER_ALLOC_ENTRY* entries = nullptr;
118 ContextBufferAllocTable.cEntries = 0;
119 ContextBufferAllocTable.cMaxEntries *= 2;
120 size = sizeof(CONTEXT_BUFFER_ALLOC_ENTRY) * ContextBufferAllocTable.cMaxEntries;
121
122 if (!size)
123 return -1;
124
125 entries = (CONTEXT_BUFFER_ALLOC_ENTRY*)realloc(ContextBufferAllocTable.entries, size);
126
127 if (!entries)
128 {
129 free(ContextBufferAllocTable.entries);
130 return -1;
131 }
132
133 ContextBufferAllocTable.entries = entries;
134 ZeroMemory((void*)&ContextBufferAllocTable.entries[ContextBufferAllocTable.cMaxEntries / 2],
135 size / 2);
136 return 1;
137}
138
139static void sspi_ContextBufferAllocTableFree(void)
140{
141 if (ContextBufferAllocTable.cEntries != 0)
142 WLog_ERR(TAG, "ContextBufferAllocTable.entries == %" PRIu32,
143 ContextBufferAllocTable.cEntries);
144
145 ContextBufferAllocTable.cEntries = ContextBufferAllocTable.cMaxEntries = 0;
146 free(ContextBufferAllocTable.entries);
147 ContextBufferAllocTable.entries = nullptr;
148}
149
150void* sspi_ContextBufferAlloc(UINT32 allocatorIndex, size_t size)
151{
152 void* contextBuffer = nullptr;
153
154 for (UINT32 index = 0; index < ContextBufferAllocTable.cMaxEntries; index++)
155 {
156 if (!ContextBufferAllocTable.entries[index].contextBuffer)
157 {
158 contextBuffer = calloc(1, size);
159
160 if (!contextBuffer)
161 return nullptr;
162
163 ContextBufferAllocTable.cEntries++;
164 ContextBufferAllocTable.entries[index].contextBuffer = contextBuffer;
165 ContextBufferAllocTable.entries[index].allocatorIndex = allocatorIndex;
166 return ContextBufferAllocTable.entries[index].contextBuffer;
167 }
168 }
169
170 /* no available entry was found, the table needs to be grown */
171
172 if (sspi_ContextBufferAllocTableGrow() < 0)
173 return nullptr;
174
175 /* the next call to sspi_ContextBufferAlloc() should now succeed */
176 return sspi_ContextBufferAlloc(allocatorIndex, size);
177}
178
179SSPI_CREDENTIALS* sspi_CredentialsNew(void)
180{
181 SSPI_CREDENTIALS* credentials = nullptr;
182 credentials = (SSPI_CREDENTIALS*)calloc(1, sizeof(SSPI_CREDENTIALS));
183 return credentials;
184}
185
186void sspi_CredentialsFree(SSPI_CREDENTIALS* credentials)
187{
188 size_t userLength = 0;
189 size_t domainLength = 0;
190 size_t passwordLength = 0;
191
192 if (!credentials)
193 return;
194
195 if (credentials->ntlmSettings.samFile)
196 free(credentials->ntlmSettings.samFile);
197
198 userLength = credentials->identity.UserLength;
199 domainLength = credentials->identity.DomainLength;
200 passwordLength = credentials->identity.PasswordLength;
201
202 if (passwordLength > SSPI_CREDENTIALS_HASH_LENGTH_OFFSET) /* [pth] */
203 passwordLength -= SSPI_CREDENTIALS_HASH_LENGTH_OFFSET;
204
205 if (credentials->identity.Flags & SEC_WINNT_AUTH_IDENTITY_UNICODE)
206 {
207 userLength *= 2;
208 domainLength *= 2;
209 passwordLength *= 2;
210 }
211
212 if (credentials->identity.User)
213 memset(credentials->identity.User, 0, userLength);
214 if (credentials->identity.Domain)
215 memset(credentials->identity.Domain, 0, domainLength);
216 if (credentials->identity.Password)
217 memset(credentials->identity.Password, 0, passwordLength);
218 free(credentials->identity.User);
219 free(credentials->identity.Domain);
220 free(credentials->identity.Password);
221 free(credentials);
222}
223
224void* sspi_SecBufferAlloc(PSecBuffer SecBuffer, ULONG size)
225{
226 if (!SecBuffer)
227 return nullptr;
228
229 SecBuffer->pvBuffer = calloc(1, size);
230
231 if (!SecBuffer->pvBuffer)
232 return nullptr;
233
234 SecBuffer->cbBuffer = size;
235 return SecBuffer->pvBuffer;
236}
237
238void sspi_SecBufferFree(PSecBuffer SecBuffer)
239{
240 if (!SecBuffer)
241 return;
242
243 if (SecBuffer->pvBuffer)
244 memset(SecBuffer->pvBuffer, 0, SecBuffer->cbBuffer);
245
246 free(SecBuffer->pvBuffer);
247 SecBuffer->pvBuffer = nullptr;
248 SecBuffer->cbBuffer = 0;
249}
250
251SecHandle* sspi_SecureHandleAlloc(void)
252{
253 SecHandle* handle = (SecHandle*)calloc(1, sizeof(SecHandle));
254
255 if (!handle)
256 return nullptr;
257
258 SecInvalidateHandle(handle);
259 return handle;
260}
261
262void* sspi_SecureHandleGetLowerPointer(SecHandle* handle)
263{
264 void* pointer = nullptr;
265
266 if (!handle || !SecIsValidHandle(handle) || !handle->dwLower)
267 return nullptr;
268
269 pointer = (void*)~((size_t)handle->dwLower);
270 return pointer;
271}
272
273void sspi_SecureHandleInvalidate(SecHandle* handle)
274{
275 if (!handle)
276 return;
277
278 handle->dwLower = 0;
279 handle->dwUpper = 0;
280}
281
282void sspi_SecureHandleSetLowerPointer(SecHandle* handle, void* pointer)
283{
284 if (!handle)
285 return;
286
287 handle->dwLower = (ULONG_PTR)(~((size_t)pointer));
288}
289
290void* sspi_SecureHandleGetUpperPointer(SecHandle* handle)
291{
292 void* pointer = nullptr;
293
294 if (!handle || !SecIsValidHandle(handle) || !handle->dwUpper)
295 return nullptr;
296
297 pointer = (void*)~((size_t)handle->dwUpper);
298 return pointer;
299}
300
301void sspi_SecureHandleSetUpperPointer(SecHandle* handle, void* pointer)
302{
303 if (!handle)
304 return;
305
306 handle->dwUpper = (ULONG_PTR)(~((size_t)pointer));
307}
308
309void sspi_SecureHandleFree(SecHandle* handle)
310{
311 free(handle);
312}
313
314int sspi_SetAuthIdentityW(SEC_WINNT_AUTH_IDENTITY* identity, const WCHAR* user, const WCHAR* domain,
315 const WCHAR* password)
316{
317 return sspi_SetAuthIdentityWithLengthW(identity, user, user ? _wcslen(user) : 0, domain,
318 domain ? _wcslen(domain) : 0, password,
319 password ? _wcslen(password) : 0);
320}
321
322static BOOL copy(WCHAR** dst, ULONG* dstLen, const WCHAR* what, size_t len)
323{
324 WINPR_ASSERT(dst);
325 WINPR_ASSERT(dstLen);
326
327 *dst = nullptr;
328 *dstLen = 0;
329
330 if (len > UINT32_MAX)
331 return FALSE;
332
333 /* Case what="" and len=0 should allocate an empty string */
334 if (!what && (len != 0))
335 return FALSE;
336 if (!what && (len == 0))
337 return TRUE;
338
339 *dst = calloc(sizeof(WCHAR), len + 1);
340 if (!*dst)
341 return FALSE;
342
343 memcpy(*dst, what, len * sizeof(WCHAR));
344 *dstLen = WINPR_ASSERTING_INT_CAST(UINT32, len);
345 return TRUE;
346}
347
348int sspi_SetAuthIdentityWithLengthW(SEC_WINNT_AUTH_IDENTITY* identity, const WCHAR* user,
349 size_t userLen, const WCHAR* domain, size_t domainLen,
350 const WCHAR* password, size_t passwordLen)
351{
352 WINPR_ASSERT(identity);
353 sspi_FreeAuthIdentity(identity);
354 identity->Flags &= (uint32_t)~SEC_WINNT_AUTH_IDENTITY_ANSI;
355 identity->Flags |= SEC_WINNT_AUTH_IDENTITY_UNICODE;
356
357 if (!copy(&identity->User, &identity->UserLength, user, userLen))
358 return -1;
359
360 if (!copy(&identity->Domain, &identity->DomainLength, domain, domainLen))
361 return -1;
362
363 if (!copy(&identity->Password, &identity->PasswordLength, password, passwordLen))
364 return -1;
365
366 return 1;
367}
368
369static void zfree(WCHAR* str, size_t len)
370{
371 if (str)
372 memset(str, 0, len * sizeof(WCHAR));
373 free(str);
374}
375
376int sspi_SetAuthIdentityA(SEC_WINNT_AUTH_IDENTITY* identity, const char* user, const char* domain,
377 const char* password)
378{
379 int rc = 0;
380 size_t unicodeUserLenW = 0;
381 size_t unicodeDomainLenW = 0;
382 size_t unicodePasswordLenW = 0;
383 LPWSTR unicodeUser = nullptr;
384 LPWSTR unicodeDomain = nullptr;
385 LPWSTR unicodePassword = nullptr;
386
387 if (user)
388 unicodeUser = ConvertUtf8ToWCharAlloc(user, &unicodeUserLenW);
389
390 if (domain)
391 unicodeDomain = ConvertUtf8ToWCharAlloc(domain, &unicodeDomainLenW);
392
393 if (password)
394 unicodePassword = ConvertUtf8ToWCharAlloc(password, &unicodePasswordLenW);
395
396 rc = sspi_SetAuthIdentityWithLengthW(identity, unicodeUser, unicodeUserLenW, unicodeDomain,
397 unicodeDomainLenW, unicodePassword, unicodePasswordLenW);
398
399 zfree(unicodeUser, unicodeUserLenW);
400 zfree(unicodeDomain, unicodeDomainLenW);
401 zfree(unicodePassword, unicodePasswordLenW);
402 return rc;
403}
404
405UINT32 sspi_GetAuthIdentityVersion(const void* identity)
406{
407 UINT32 version = 0;
408
409 if (!identity)
410 return 0;
411
412 version = *((const UINT32*)identity);
413
414 if ((version == SEC_WINNT_AUTH_IDENTITY_VERSION) ||
415 (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2))
416 {
417 return version;
418 }
419
420 return 0; // SEC_WINNT_AUTH_IDENTITY (no version)
421}
422
423UINT32 sspi_GetAuthIdentityFlags(const void* identity)
424{
425 UINT32 version = 0;
426 UINT32 flags = 0;
427
428 if (!identity)
429 return 0;
430
431 version = sspi_GetAuthIdentityVersion(identity);
432
433 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
434 {
435 flags = ((const SEC_WINNT_AUTH_IDENTITY_EX*)identity)->Flags;
436 }
437 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
438 {
439 flags = ((const SEC_WINNT_AUTH_IDENTITY_EX2*)identity)->Flags;
440 }
441 else // SEC_WINNT_AUTH_IDENTITY
442 {
443 flags = ((const SEC_WINNT_AUTH_IDENTITY*)identity)->Flags;
444 }
445
446 return flags;
447}
448
449BOOL sspi_GetAuthIdentityUserDomainW(const void* identity, const WCHAR** pUser, UINT32* pUserLength,
450 const WCHAR** pDomain, UINT32* pDomainLength)
451{
452 UINT32 version = 0;
453
454 if (!identity)
455 return FALSE;
456
457 version = sspi_GetAuthIdentityVersion(identity);
458
459 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
460 {
461 const SEC_WINNT_AUTH_IDENTITY_EXW* id = (const SEC_WINNT_AUTH_IDENTITY_EXW*)identity;
462 *pUser = (const WCHAR*)id->User;
463 *pUserLength = id->UserLength;
464 *pDomain = (const WCHAR*)id->Domain;
465 *pDomainLength = id->DomainLength;
466 }
467 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
468 {
469 const SEC_WINNT_AUTH_IDENTITY_EX2* id = (const SEC_WINNT_AUTH_IDENTITY_EX2*)identity;
470 UINT32 UserOffset = id->UserOffset;
471 UINT32 DomainOffset = id->DomainOffset;
472 *pUser = (const WCHAR*)&((const uint8_t*)identity)[UserOffset];
473 *pUserLength = id->UserLength / 2;
474 *pDomain = (const WCHAR*)&((const uint8_t*)identity)[DomainOffset];
475 *pDomainLength = id->DomainLength / 2;
476 }
477 else // SEC_WINNT_AUTH_IDENTITY
478 {
479 const SEC_WINNT_AUTH_IDENTITY_W* id = (const SEC_WINNT_AUTH_IDENTITY_W*)identity;
480 *pUser = (const WCHAR*)id->User;
481 *pUserLength = id->UserLength;
482 *pDomain = (const WCHAR*)id->Domain;
483 *pDomainLength = id->DomainLength;
484 }
485
486 return TRUE;
487}
488
489BOOL sspi_GetAuthIdentityUserDomainA(const void* identity, const char** pUser, UINT32* pUserLength,
490 const char** pDomain, UINT32* pDomainLength)
491{
492 UINT32 version = 0;
493
494 if (!identity)
495 return FALSE;
496
497 version = sspi_GetAuthIdentityVersion(identity);
498
499 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
500 {
501 const SEC_WINNT_AUTH_IDENTITY_EXA* id = (const SEC_WINNT_AUTH_IDENTITY_EXA*)identity;
502 *pUser = (const char*)id->User;
503 *pUserLength = id->UserLength;
504 *pDomain = (const char*)id->Domain;
505 *pDomainLength = id->DomainLength;
506 }
507 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
508 {
509 const SEC_WINNT_AUTH_IDENTITY_EX2* id = (const SEC_WINNT_AUTH_IDENTITY_EX2*)identity;
510 UINT32 UserOffset = id->UserOffset;
511 UINT32 DomainOffset = id->DomainOffset;
512 *pUser = (const char*)&((const uint8_t*)identity)[UserOffset];
513 *pUserLength = id->UserLength;
514 *pDomain = (const char*)&((const uint8_t*)identity)[DomainOffset];
515 *pDomainLength = id->DomainLength;
516 }
517 else // SEC_WINNT_AUTH_IDENTITY
518 {
519 const SEC_WINNT_AUTH_IDENTITY_A* id = (const SEC_WINNT_AUTH_IDENTITY_A*)identity;
520 *pUser = (const char*)id->User;
521 *pUserLength = id->UserLength;
522 *pDomain = (const char*)id->Domain;
523 *pDomainLength = id->DomainLength;
524 }
525
526 return TRUE;
527}
528
529BOOL sspi_GetAuthIdentityPasswordW(const void* identity, const WCHAR** pPassword,
530 UINT32* pPasswordLength)
531{
532 UINT32 version = 0;
533
534 if (!identity)
535 return FALSE;
536
537 version = sspi_GetAuthIdentityVersion(identity);
538
539 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
540 {
541 const SEC_WINNT_AUTH_IDENTITY_EXW* id = (const SEC_WINNT_AUTH_IDENTITY_EXW*)identity;
542 *pPassword = (const WCHAR*)id->Password;
543 *pPasswordLength = id->PasswordLength;
544 }
545 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
546 {
547 return FALSE; // TODO: packed credentials
548 }
549 else // SEC_WINNT_AUTH_IDENTITY
550 {
551 const SEC_WINNT_AUTH_IDENTITY_W* id = (const SEC_WINNT_AUTH_IDENTITY_W*)identity;
552 *pPassword = (const WCHAR*)id->Password;
553 *pPasswordLength = id->PasswordLength;
554 }
555
556 return TRUE;
557}
558
559BOOL sspi_GetAuthIdentityPasswordA(const void* identity, const char** pPassword,
560 UINT32* pPasswordLength)
561{
562 UINT32 version = 0;
563
564 if (!identity)
565 return FALSE;
566
567 version = sspi_GetAuthIdentityVersion(identity);
568
569 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
570 {
571 const SEC_WINNT_AUTH_IDENTITY_EXA* id = (const SEC_WINNT_AUTH_IDENTITY_EXA*)identity;
572 *pPassword = (const char*)id->Password;
573 *pPasswordLength = id->PasswordLength;
574 }
575 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
576 {
577 return FALSE; // TODO: packed credentials
578 }
579 else // SEC_WINNT_AUTH_IDENTITY
580 {
581 const SEC_WINNT_AUTH_IDENTITY_A* id = (const SEC_WINNT_AUTH_IDENTITY_A*)identity;
582 *pPassword = (const char*)id->Password;
583 *pPasswordLength = id->PasswordLength;
584 }
585
586 return TRUE;
587}
588
589BOOL sspi_CopyAuthIdentityFieldsA(const SEC_WINNT_AUTH_IDENTITY_INFO* identity, char** pUser,
590 char** pDomain, char** pPassword)
591{
592 BOOL success = FALSE;
593 const char* UserA = nullptr;
594 const char* DomainA = nullptr;
595 const char* PasswordA = nullptr;
596 const WCHAR* UserW = nullptr;
597 const WCHAR* DomainW = nullptr;
598 const WCHAR* PasswordW = nullptr;
599 UINT32 UserLength = 0;
600 UINT32 DomainLength = 0;
601 UINT32 PasswordLength = 0;
602
603 if (!identity || !pUser || !pDomain || !pPassword)
604 return FALSE;
605
606 *pUser = *pDomain = *pPassword = nullptr;
607
608 UINT32 identityFlags = sspi_GetAuthIdentityFlags(identity);
609
610 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
611 {
612 if (!sspi_GetAuthIdentityUserDomainA(identity, &UserA, &UserLength, &DomainA,
613 &DomainLength))
614 goto cleanup;
615
616 if (!sspi_GetAuthIdentityPasswordA(identity, &PasswordA, &PasswordLength))
617 goto cleanup;
618
619 if (UserA && UserLength)
620 {
621 *pUser = _strdup(UserA);
622
623 if (!(*pUser))
624 goto cleanup;
625 }
626
627 if (DomainA && DomainLength)
628 {
629 *pDomain = _strdup(DomainA);
630
631 if (!(*pDomain))
632 goto cleanup;
633 }
634
635 if (PasswordA && PasswordLength)
636 {
637 *pPassword = _strdup(PasswordA);
638
639 if (!(*pPassword))
640 goto cleanup;
641 }
642
643 success = TRUE;
644 }
645 else
646 {
647 if (!sspi_GetAuthIdentityUserDomainW(identity, &UserW, &UserLength, &DomainW,
648 &DomainLength))
649 goto cleanup;
650
651 if (!sspi_GetAuthIdentityPasswordW(identity, &PasswordW, &PasswordLength))
652 goto cleanup;
653
654 if (UserW && (UserLength > 0))
655 {
656 *pUser = ConvertWCharNToUtf8Alloc(UserW, UserLength, nullptr);
657 if (!(*pUser))
658 goto cleanup;
659 }
660
661 if (DomainW && (DomainLength > 0))
662 {
663 *pDomain = ConvertWCharNToUtf8Alloc(DomainW, DomainLength, nullptr);
664 if (!(*pDomain))
665 goto cleanup;
666 }
667
668 if (PasswordW && (PasswordLength > 0))
669 {
670 *pPassword = ConvertWCharNToUtf8Alloc(PasswordW, PasswordLength, nullptr);
671 if (!(*pPassword))
672 goto cleanup;
673 }
674
675 success = TRUE;
676 }
677
678cleanup:
679 return success;
680}
681
682BOOL sspi_CopyAuthIdentityFieldsW(const SEC_WINNT_AUTH_IDENTITY_INFO* identity, WCHAR** pUser,
683 WCHAR** pDomain, WCHAR** pPassword)
684{
685 BOOL success = FALSE;
686 const char* UserA = nullptr;
687 const char* DomainA = nullptr;
688 const char* PasswordA = nullptr;
689 const WCHAR* UserW = nullptr;
690 const WCHAR* DomainW = nullptr;
691 const WCHAR* PasswordW = nullptr;
692 UINT32 UserLength = 0;
693 UINT32 DomainLength = 0;
694 UINT32 PasswordLength = 0;
695
696 if (!identity || !pUser || !pDomain || !pPassword)
697 return FALSE;
698
699 *pUser = *pDomain = *pPassword = nullptr;
700
701 UINT32 identityFlags = sspi_GetAuthIdentityFlags(identity);
702
703 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
704 {
705 if (!sspi_GetAuthIdentityUserDomainA(identity, &UserA, &UserLength, &DomainA,
706 &DomainLength))
707 goto cleanup;
708
709 if (!sspi_GetAuthIdentityPasswordA(identity, &PasswordA, &PasswordLength))
710 goto cleanup;
711
712 if (UserA && (UserLength > 0))
713 {
714 WCHAR* ptr = ConvertUtf8NToWCharAlloc(UserA, UserLength, nullptr);
715 *pUser = ptr;
716
717 if (!ptr)
718 goto cleanup;
719 }
720
721 if (DomainA && (DomainLength > 0))
722 {
723 WCHAR* ptr = ConvertUtf8NToWCharAlloc(DomainA, DomainLength, nullptr);
724 *pDomain = ptr;
725 if (!ptr)
726 goto cleanup;
727 }
728
729 if (PasswordA && (PasswordLength > 0))
730 {
731 WCHAR* ptr = ConvertUtf8NToWCharAlloc(PasswordA, PasswordLength, nullptr);
732
733 *pPassword = ptr;
734 if (!ptr)
735 goto cleanup;
736 }
737
738 success = TRUE;
739 }
740 else
741 {
742 if (!sspi_GetAuthIdentityUserDomainW(identity, &UserW, &UserLength, &DomainW,
743 &DomainLength))
744 goto cleanup;
745
746 if (!sspi_GetAuthIdentityPasswordW(identity, &PasswordW, &PasswordLength))
747 goto cleanup;
748
749 if (UserW && UserLength)
750 {
751 *pUser = _wcsdup(UserW);
752
753 if (!(*pUser))
754 goto cleanup;
755 }
756
757 if (DomainW && DomainLength)
758 {
759 *pDomain = _wcsdup(DomainW);
760
761 if (!(*pDomain))
762 goto cleanup;
763 }
764
765 if (PasswordW && PasswordLength)
766 {
767 *pPassword = _wcsdup(PasswordW);
768
769 if (!(*pPassword))
770 goto cleanup;
771 }
772
773 success = TRUE;
774 }
775
776cleanup:
777 return success;
778}
779
780BOOL sspi_CopyAuthPackageListA(const SEC_WINNT_AUTH_IDENTITY_INFO* identity, char** pPackageList)
781{
782 UINT32 version = 0;
783 UINT32 identityFlags = 0;
784 char* PackageList = nullptr;
785 const char* PackageListA = nullptr;
786 const WCHAR* PackageListW = nullptr;
787 UINT32 PackageListLength = 0;
788 UINT32 PackageListOffset = 0;
789 const void* pAuthData = (const void*)identity;
790
791 if (!pAuthData)
792 return FALSE;
793
794 version = sspi_GetAuthIdentityVersion(pAuthData);
795 identityFlags = sspi_GetAuthIdentityFlags(pAuthData);
796
797 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
798 {
799 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
800 {
801 const SEC_WINNT_AUTH_IDENTITY_EXA* ad = (const SEC_WINNT_AUTH_IDENTITY_EXA*)pAuthData;
802 PackageListA = (const char*)ad->PackageList;
803 PackageListLength = ad->PackageListLength;
804 }
805
806 if (PackageListA && PackageListLength)
807 {
808 PackageList = _strdup(PackageListA);
809 }
810 }
811 else
812 {
813 if (version == SEC_WINNT_AUTH_IDENTITY_VERSION)
814 {
815 const SEC_WINNT_AUTH_IDENTITY_EXW* ad = (const SEC_WINNT_AUTH_IDENTITY_EXW*)pAuthData;
816 PackageListW = (const WCHAR*)ad->PackageList;
817 PackageListLength = ad->PackageListLength;
818 }
819 else if (version == SEC_WINNT_AUTH_IDENTITY_VERSION_2)
820 {
821 const SEC_WINNT_AUTH_IDENTITY_EX2* ad = (const SEC_WINNT_AUTH_IDENTITY_EX2*)pAuthData;
822 PackageListOffset = ad->PackageListOffset;
823 PackageListW = (const WCHAR*)&((const uint8_t*)pAuthData)[PackageListOffset];
824 PackageListLength = ad->PackageListLength / 2;
825 }
826
827 if (PackageListW && (PackageListLength > 0))
828 PackageList = ConvertWCharNToUtf8Alloc(PackageListW, PackageListLength, nullptr);
829 }
830
831 if (PackageList)
832 {
833 *pPackageList = PackageList;
834 return TRUE;
835 }
836
837 return FALSE;
838}
839
840int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity,
841 const SEC_WINNT_AUTH_IDENTITY_INFO* srcIdentity)
842{
843 int status = 0;
844 UINT32 identityFlags = 0;
845 const char* UserA = nullptr;
846 const char* DomainA = nullptr;
847 const char* PasswordA = nullptr;
848 const WCHAR* UserW = nullptr;
849 const WCHAR* DomainW = nullptr;
850 const WCHAR* PasswordW = nullptr;
851 UINT32 UserLength = 0;
852 UINT32 DomainLength = 0;
853 UINT32 PasswordLength = 0;
854
855 sspi_FreeAuthIdentity(identity);
856
857 identityFlags = sspi_GetAuthIdentityFlags(srcIdentity);
858
859 identity->Flags = identityFlags;
860
861 if (identityFlags & SEC_WINNT_AUTH_IDENTITY_ANSI)
862 {
863 if (!sspi_GetAuthIdentityUserDomainA(srcIdentity, &UserA, &UserLength, &DomainA,
864 &DomainLength))
865 {
866 return -1;
867 }
868
869 if (!sspi_GetAuthIdentityPasswordA(srcIdentity, &PasswordA, &PasswordLength))
870 {
871 return -1;
872 }
873
874 status = sspi_SetAuthIdentity(identity, UserA, DomainA, PasswordA);
875
876 if (status <= 0)
877 return -1;
878
879 identity->Flags &= (uint32_t)~SEC_WINNT_AUTH_IDENTITY_ANSI;
880 identity->Flags |= SEC_WINNT_AUTH_IDENTITY_UNICODE;
881 return 1;
882 }
883
884 identity->Flags |= SEC_WINNT_AUTH_IDENTITY_UNICODE;
885
886 if (!sspi_GetAuthIdentityUserDomainW(srcIdentity, &UserW, &UserLength, &DomainW, &DomainLength))
887 {
888 return -1;
889 }
890
891 if (!sspi_GetAuthIdentityPasswordW(srcIdentity, &PasswordW, &PasswordLength))
892 {
893 return -1;
894 }
895
896 /* login/password authentication */
897 identity->UserLength = UserLength;
898
899 if (identity->UserLength > 0)
900 {
901 identity->User = (UINT16*)calloc((identity->UserLength + 1), sizeof(WCHAR));
902
903 if (!identity->User)
904 return -1;
905
906 CopyMemory(identity->User, UserW, identity->UserLength * sizeof(WCHAR));
907 identity->User[identity->UserLength] = 0;
908 }
909
910 identity->DomainLength = DomainLength;
911
912 if (identity->DomainLength > 0)
913 {
914 identity->Domain = (UINT16*)calloc((identity->DomainLength + 1), sizeof(WCHAR));
915
916 if (!identity->Domain)
917 return -1;
918
919 CopyMemory(identity->Domain, DomainW, identity->DomainLength * sizeof(WCHAR));
920 identity->Domain[identity->DomainLength] = 0;
921 }
922
923 identity->PasswordLength = PasswordLength;
924
925 if (identity->PasswordLength > SSPI_CREDENTIALS_HASH_LENGTH_OFFSET)
926 identity->PasswordLength -= SSPI_CREDENTIALS_HASH_LENGTH_OFFSET;
927
928 if (PasswordW)
929 {
930 identity->Password = (UINT16*)calloc((identity->PasswordLength + 1), sizeof(WCHAR));
931
932 if (!identity->Password)
933 return -1;
934
935 CopyMemory(identity->Password, PasswordW, identity->PasswordLength * sizeof(WCHAR));
936 identity->Password[identity->PasswordLength] = 0;
937 }
938
939 identity->PasswordLength = PasswordLength;
940 /* End of login/password authentication */
941 return 1;
942}
943
944PSecBuffer sspi_FindSecBuffer(PSecBufferDesc pMessage, ULONG BufferType)
945{
946 PSecBuffer pSecBuffer = nullptr;
947
948 for (UINT32 index = 0; index < pMessage->cBuffers; index++)
949 {
950 if (pMessage->pBuffers[index].BufferType == BufferType)
951 {
952 pSecBuffer = &pMessage->pBuffers[index];
953 break;
954 }
955 }
956
957 return pSecBuffer;
958}
959
960static BOOL WINPR_init(void)
961{
962
963 for (size_t x = 0; x < ARRAYSIZE(SecurityFunctionTableA_NAME_LIST); x++)
964 {
965 const SecurityFunctionTableA_NAME* cur = &SecurityFunctionTableA_NAME_LIST[x];
966 InitializeConstWCharFromUtf8(cur->Name, BUFFER_NAME_LIST_W[x],
967 ARRAYSIZE(BUFFER_NAME_LIST_W[x]));
968 }
969 return TRUE;
970}
971
972static BOOL CALLBACK sspi_init(WINPR_ATTR_UNUSED PINIT_ONCE InitOnce,
973 WINPR_ATTR_UNUSED PVOID Parameter, WINPR_ATTR_UNUSED PVOID* Context)
974{
975 if (!winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT))
976 return FALSE;
977 sspi_ContextBufferAllocTableNew();
978 if (!SCHANNEL_init())
979 return FALSE;
980 if (!KERBEROS_init())
981 return FALSE;
982 if (!NTLM_init())
983 return FALSE;
984 if (!CREDSSP_init())
985 return FALSE;
986 if (!NEGOTIATE_init())
987 return FALSE;
988 return WINPR_init();
989}
990
991void sspi_GlobalInit(void)
992{
993 static INIT_ONCE once = INIT_ONCE_STATIC_INIT;
994 DWORD flags = 0;
995 if (!InitOnceExecuteOnce(&once, sspi_init, &flags, nullptr))
996 WLog_ERR(TAG, "InitOnceExecuteOnce failed");
997}
998
999void sspi_GlobalFinish(void)
1000{
1001 sspi_ContextBufferAllocTableFree();
1002}
1003
1004static const SecurityFunctionTableA* sspi_GetSecurityFunctionTableAByNameA(const SEC_CHAR* Name)
1005{
1006 size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1007
1008 for (size_t index = 0; index < cPackages; index++)
1009 {
1010 if (strcmp(Name, SecurityFunctionTableA_NAME_LIST[index].Name) == 0)
1011 {
1012 return SecurityFunctionTableA_NAME_LIST[index].SecurityFunctionTable;
1013 }
1014 }
1015
1016 return nullptr;
1017}
1018
1019static const SecurityFunctionTableW* sspi_GetSecurityFunctionTableWByNameW(const SEC_WCHAR* Name)
1020{
1021 size_t cPackages = ARRAYSIZE(SecPkgInfoW_LIST);
1022
1023 for (size_t index = 0; index < cPackages; index++)
1024 {
1025 if (_wcscmp(Name, SecurityFunctionTableW_NAME_LIST[index].Name) == 0)
1026 {
1027 return SecurityFunctionTableW_NAME_LIST[index].SecurityFunctionTable;
1028 }
1029 }
1030
1031 return nullptr;
1032}
1033
1034static const SecurityFunctionTableW* sspi_GetSecurityFunctionTableWByNameA(const SEC_CHAR* Name)
1035{
1036 SEC_WCHAR* NameW = nullptr;
1037 const SecurityFunctionTableW* table = nullptr;
1038
1039 if (!Name)
1040 return nullptr;
1041
1042 NameW = ConvertUtf8ToWCharAlloc(Name, nullptr);
1043
1044 if (!NameW)
1045 return nullptr;
1046
1047 table = sspi_GetSecurityFunctionTableWByNameW(NameW);
1048 free(NameW);
1049 return table;
1050}
1051
1052static void FreeContextBuffer_EnumerateSecurityPackages(void* contextBuffer);
1053static void FreeContextBuffer_QuerySecurityPackageInfo(void* contextBuffer);
1054
1055void sspi_ContextBufferFree(void* contextBuffer)
1056{
1057 UINT32 allocatorIndex = 0;
1058
1059 for (size_t index = 0; index < ContextBufferAllocTable.cMaxEntries; index++)
1060 {
1061 if (contextBuffer == ContextBufferAllocTable.entries[index].contextBuffer)
1062 {
1063 contextBuffer = ContextBufferAllocTable.entries[index].contextBuffer;
1064 allocatorIndex = ContextBufferAllocTable.entries[index].allocatorIndex;
1065 ContextBufferAllocTable.cEntries--;
1066 ContextBufferAllocTable.entries[index].allocatorIndex = 0;
1067 ContextBufferAllocTable.entries[index].contextBuffer = nullptr;
1068
1069 switch (allocatorIndex)
1070 {
1071 case EnumerateSecurityPackagesIndex:
1072 FreeContextBuffer_EnumerateSecurityPackages(contextBuffer);
1073 break;
1074
1075 case QuerySecurityPackageInfoIndex:
1076 FreeContextBuffer_QuerySecurityPackageInfo(contextBuffer);
1077 break;
1078 default:
1079 break;
1080 }
1081 }
1082 }
1083}
1084
1089/* Package Management */
1090
1091static SECURITY_STATUS SEC_ENTRY winpr_EnumerateSecurityPackagesW(ULONG* pcPackages,
1092 PSecPkgInfoW* ppPackageInfo)
1093{
1094 const size_t cPackages = ARRAYSIZE(SecPkgInfoW_LIST);
1095 const size_t size = sizeof(SecPkgInfoW) * cPackages;
1096 SecPkgInfoW* pPackageInfo =
1097 (SecPkgInfoW*)sspi_ContextBufferAlloc(EnumerateSecurityPackagesIndex, size);
1098
1099 WINPR_ASSERT(cPackages <= UINT32_MAX);
1100
1101 if (!pPackageInfo)
1102 return SEC_E_INSUFFICIENT_MEMORY;
1103
1104 for (size_t index = 0; index < cPackages; index++)
1105 {
1106 pPackageInfo[index].fCapabilities = SecPkgInfoW_LIST[index]->fCapabilities;
1107 pPackageInfo[index].wVersion = SecPkgInfoW_LIST[index]->wVersion;
1108 pPackageInfo[index].wRPCID = SecPkgInfoW_LIST[index]->wRPCID;
1109 pPackageInfo[index].cbMaxToken = SecPkgInfoW_LIST[index]->cbMaxToken;
1110 pPackageInfo[index].Name = _wcsdup(SecPkgInfoW_LIST[index]->Name);
1111 pPackageInfo[index].Comment = _wcsdup(SecPkgInfoW_LIST[index]->Comment);
1112 }
1113
1114 *(pcPackages) = (UINT32)cPackages;
1115 *(ppPackageInfo) = pPackageInfo;
1116 return SEC_E_OK;
1117}
1118
1119static SECURITY_STATUS SEC_ENTRY winpr_EnumerateSecurityPackagesA(ULONG* pcPackages,
1120 PSecPkgInfoA* ppPackageInfo)
1121{
1122 const size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1123 const size_t size = sizeof(SecPkgInfoA) * cPackages;
1124 SecPkgInfoA* pPackageInfo =
1125 (SecPkgInfoA*)sspi_ContextBufferAlloc(EnumerateSecurityPackagesIndex, size);
1126
1127 WINPR_ASSERT(cPackages <= UINT32_MAX);
1128
1129 if (!pPackageInfo)
1130 return SEC_E_INSUFFICIENT_MEMORY;
1131
1132 for (size_t index = 0; index < cPackages; index++)
1133 {
1134 pPackageInfo[index].fCapabilities = SecPkgInfoA_LIST[index]->fCapabilities;
1135 pPackageInfo[index].wVersion = SecPkgInfoA_LIST[index]->wVersion;
1136 pPackageInfo[index].wRPCID = SecPkgInfoA_LIST[index]->wRPCID;
1137 pPackageInfo[index].cbMaxToken = SecPkgInfoA_LIST[index]->cbMaxToken;
1138 pPackageInfo[index].Name = _strdup(SecPkgInfoA_LIST[index]->Name);
1139 pPackageInfo[index].Comment = _strdup(SecPkgInfoA_LIST[index]->Comment);
1140
1141 if (!pPackageInfo[index].Name || !pPackageInfo[index].Comment)
1142 {
1143 sspi_ContextBufferFree(pPackageInfo);
1144 return SEC_E_INSUFFICIENT_MEMORY;
1145 }
1146 }
1147
1148 *(pcPackages) = (UINT32)cPackages;
1149 *(ppPackageInfo) = pPackageInfo;
1150 return SEC_E_OK;
1151}
1152
1153static void FreeContextBuffer_EnumerateSecurityPackages(void* contextBuffer)
1154{
1155 SecPkgInfoA* pPackageInfo = (SecPkgInfoA*)contextBuffer;
1156 size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1157
1158 if (!pPackageInfo)
1159 return;
1160
1161 for (size_t index = 0; index < cPackages; index++)
1162 {
1163 free(pPackageInfo[index].Name);
1164 free(pPackageInfo[index].Comment);
1165 }
1166
1167 free(pPackageInfo);
1168}
1169
1170static SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName,
1171 PSecPkgInfoW* ppPackageInfo)
1172{
1173 size_t cPackages = ARRAYSIZE(SecPkgInfoW_LIST);
1174
1175 for (size_t index = 0; index < cPackages; index++)
1176 {
1177 if (_wcscmp(pszPackageName, SecPkgInfoW_LIST[index]->Name) == 0)
1178 {
1179 size_t size = sizeof(SecPkgInfoW);
1180 SecPkgInfoW* pPackageInfo =
1181 (SecPkgInfoW*)sspi_ContextBufferAlloc(QuerySecurityPackageInfoIndex, size);
1182
1183 if (!pPackageInfo)
1184 return SEC_E_INSUFFICIENT_MEMORY;
1185
1186 pPackageInfo->fCapabilities = SecPkgInfoW_LIST[index]->fCapabilities;
1187 pPackageInfo->wVersion = SecPkgInfoW_LIST[index]->wVersion;
1188 pPackageInfo->wRPCID = SecPkgInfoW_LIST[index]->wRPCID;
1189 pPackageInfo->cbMaxToken = SecPkgInfoW_LIST[index]->cbMaxToken;
1190 pPackageInfo->Name = _wcsdup(SecPkgInfoW_LIST[index]->Name);
1191 pPackageInfo->Comment = _wcsdup(SecPkgInfoW_LIST[index]->Comment);
1192 *(ppPackageInfo) = pPackageInfo;
1193 return SEC_E_OK;
1194 }
1195 }
1196
1197 *(ppPackageInfo) = nullptr;
1198 return SEC_E_SECPKG_NOT_FOUND;
1199}
1200
1201static SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName,
1202 PSecPkgInfoA* ppPackageInfo)
1203{
1204 size_t cPackages = ARRAYSIZE(SecPkgInfoA_LIST);
1205
1206 for (size_t index = 0; index < cPackages; index++)
1207 {
1208 if (strcmp(pszPackageName, SecPkgInfoA_LIST[index]->Name) == 0)
1209 {
1210 size_t size = sizeof(SecPkgInfoA);
1211 SecPkgInfoA* pPackageInfo =
1212 (SecPkgInfoA*)sspi_ContextBufferAlloc(QuerySecurityPackageInfoIndex, size);
1213
1214 if (!pPackageInfo)
1215 return SEC_E_INSUFFICIENT_MEMORY;
1216
1217 pPackageInfo->fCapabilities = SecPkgInfoA_LIST[index]->fCapabilities;
1218 pPackageInfo->wVersion = SecPkgInfoA_LIST[index]->wVersion;
1219 pPackageInfo->wRPCID = SecPkgInfoA_LIST[index]->wRPCID;
1220 pPackageInfo->cbMaxToken = SecPkgInfoA_LIST[index]->cbMaxToken;
1221 pPackageInfo->Name = _strdup(SecPkgInfoA_LIST[index]->Name);
1222 pPackageInfo->Comment = _strdup(SecPkgInfoA_LIST[index]->Comment);
1223
1224 if (!pPackageInfo->Name || !pPackageInfo->Comment)
1225 {
1226 sspi_ContextBufferFree(pPackageInfo);
1227 return SEC_E_INSUFFICIENT_MEMORY;
1228 }
1229
1230 *(ppPackageInfo) = pPackageInfo;
1231 return SEC_E_OK;
1232 }
1233 }
1234
1235 *(ppPackageInfo) = nullptr;
1236 return SEC_E_SECPKG_NOT_FOUND;
1237}
1238
1239void FreeContextBuffer_QuerySecurityPackageInfo(void* contextBuffer)
1240{
1241 SecPkgInfo* pPackageInfo = (SecPkgInfo*)contextBuffer;
1242
1243 if (!pPackageInfo)
1244 return;
1245
1246 free(pPackageInfo->Name);
1247 free(pPackageInfo->Comment);
1248 free(pPackageInfo);
1249}
1250
1251#define log_status(what, status) log_status_((what), (status), __FILE__, __func__, __LINE__)
1252static SECURITY_STATUS log_status_(const char* what, SECURITY_STATUS status, const char* file,
1253 const char* fkt, size_t line)
1254{
1255 if (IsSecurityStatusError(status))
1256 {
1257 const DWORD level = WLOG_WARN;
1258 static wLog* log = nullptr;
1259 if (!log)
1260 log = WLog_Get(TAG);
1261
1262 if (WLog_IsLevelActive(log, level))
1263 {
1264 WLog_PrintTextMessage(log, level, line, file, fkt, "%s status %s [0x%08" PRIx32 "]",
1265 what, GetSecurityStatusString(status),
1266 WINPR_CXX_COMPAT_CAST(uint32_t, status));
1267 }
1268 }
1269 return status;
1270}
1271
1272/* Credential Management */
1273
1274static SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleW(
1275 SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
1276 void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
1277 PTimeStamp ptsExpiry)
1278{
1279 SECURITY_STATUS status = 0;
1280 const SecurityFunctionTableW* table = sspi_GetSecurityFunctionTableWByNameW(pszPackage);
1281
1282 if (!table)
1283 return SEC_E_SECPKG_NOT_FOUND;
1284
1285 if (!table->AcquireCredentialsHandleW)
1286 {
1287 WLog_WARN(TAG, "Security module does not provide an implementation");
1288 return SEC_E_UNSUPPORTED_FUNCTION;
1289 }
1290
1291 status = table->AcquireCredentialsHandleW(pszPrincipal, pszPackage, fCredentialUse, pvLogonID,
1292 pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential,
1293 ptsExpiry);
1294 return log_status("AcquireCredentialsHandleW", status);
1295}
1296
1297static SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleA(
1298 SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
1299 void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
1300 PTimeStamp ptsExpiry)
1301{
1302 SECURITY_STATUS status = 0;
1303 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(pszPackage);
1304
1305 if (!table)
1306 return SEC_E_SECPKG_NOT_FOUND;
1307
1308 if (!table->AcquireCredentialsHandleA)
1309 {
1310 WLog_WARN(TAG, "Security module does not provide an implementation");
1311 return SEC_E_UNSUPPORTED_FUNCTION;
1312 }
1313
1314 status = table->AcquireCredentialsHandleA(pszPrincipal, pszPackage, fCredentialUse, pvLogonID,
1315 pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential,
1316 ptsExpiry);
1317 return log_status("AcquireCredentialsHandleA", status);
1318}
1319
1320static SECURITY_STATUS SEC_ENTRY winpr_ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags,
1321 PSecBuffer pPackedContext,
1322 HANDLE* pToken)
1323{
1324 SEC_CHAR* Name = nullptr;
1325 SECURITY_STATUS status = 0;
1326 const SecurityFunctionTableW* table = nullptr;
1327 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1328
1329 if (!Name)
1330 return SEC_E_SECPKG_NOT_FOUND;
1331
1332 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1333
1334 if (!table)
1335 return SEC_E_SECPKG_NOT_FOUND;
1336
1337 if (!table->ExportSecurityContext)
1338 {
1339 WLog_WARN(TAG, "Security module does not provide an implementation");
1340 return SEC_E_UNSUPPORTED_FUNCTION;
1341 }
1342
1343 status = table->ExportSecurityContext(phContext, fFlags, pPackedContext, pToken);
1344 return log_status("ExportSecurityContext", status);
1345}
1346
1347static SECURITY_STATUS SEC_ENTRY winpr_FreeCredentialsHandle(PCredHandle phCredential)
1348{
1349 char* Name = nullptr;
1350 SECURITY_STATUS status = 0;
1351 const SecurityFunctionTableA* table = nullptr;
1352 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1353
1354 if (!Name)
1355 return SEC_E_SECPKG_NOT_FOUND;
1356
1357 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1358
1359 if (!table)
1360 return SEC_E_SECPKG_NOT_FOUND;
1361
1362 if (!table->FreeCredentialsHandle)
1363 {
1364 WLog_WARN(TAG, "Security module does not provide an implementation");
1365 return SEC_E_UNSUPPORTED_FUNCTION;
1366 }
1367
1368 status = table->FreeCredentialsHandle(phCredential);
1369 return log_status("FreeCredentialsHandle", status);
1370}
1371
1372static SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextW(SEC_WCHAR* pszPackage,
1373 PSecBuffer pPackedContext,
1374 HANDLE pToken, PCtxtHandle phContext)
1375{
1376 SEC_CHAR* Name = nullptr;
1377 SECURITY_STATUS status = 0;
1378 const SecurityFunctionTableW* table = nullptr;
1379 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1380
1381 if (!Name)
1382 return SEC_E_SECPKG_NOT_FOUND;
1383
1384 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1385
1386 if (!table)
1387 return SEC_E_SECPKG_NOT_FOUND;
1388
1389 if (!table->ImportSecurityContextW)
1390 {
1391 WLog_WARN(TAG, "Security module does not provide an implementation");
1392 return SEC_E_UNSUPPORTED_FUNCTION;
1393 }
1394
1395 status = table->ImportSecurityContextW(pszPackage, pPackedContext, pToken, phContext);
1396 return log_status("ImportSecurityContextW", status);
1397}
1398
1399static SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextA(SEC_CHAR* pszPackage,
1400 PSecBuffer pPackedContext,
1401 HANDLE pToken, PCtxtHandle phContext)
1402{
1403 char* Name = nullptr;
1404 SECURITY_STATUS status = 0;
1405 const SecurityFunctionTableA* table = nullptr;
1406 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1407
1408 if (!Name)
1409 return SEC_E_SECPKG_NOT_FOUND;
1410
1411 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1412
1413 if (!table)
1414 return SEC_E_SECPKG_NOT_FOUND;
1415
1416 if (!table->ImportSecurityContextA)
1417 {
1418 WLog_WARN(TAG, "Security module does not provide an implementation");
1419 return SEC_E_UNSUPPORTED_FUNCTION;
1420 }
1421
1422 status = table->ImportSecurityContextA(pszPackage, pPackedContext, pToken, phContext);
1423 return log_status("ImportSecurityContextA", status);
1424}
1425
1426static SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesW(PCredHandle phCredential,
1427 ULONG ulAttribute, void* pBuffer)
1428{
1429 SEC_WCHAR* Name = nullptr;
1430 SECURITY_STATUS status = 0;
1431 const SecurityFunctionTableW* table = nullptr;
1432 Name = (SEC_WCHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1433
1434 if (!Name)
1435 return SEC_E_SECPKG_NOT_FOUND;
1436
1437 table = sspi_GetSecurityFunctionTableWByNameW(Name);
1438
1439 if (!table)
1440 return SEC_E_SECPKG_NOT_FOUND;
1441
1442 if (!table->QueryCredentialsAttributesW)
1443 {
1444 WLog_WARN(TAG, "Security module does not provide an implementation");
1445 return SEC_E_UNSUPPORTED_FUNCTION;
1446 }
1447
1448 status = table->QueryCredentialsAttributesW(phCredential, ulAttribute, pBuffer);
1449 return log_status("QueryCredentialsAttributesW", status);
1450}
1451
1452static SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesA(PCredHandle phCredential,
1453 ULONG ulAttribute, void* pBuffer)
1454{
1455 char* Name = nullptr;
1456 SECURITY_STATUS status = 0;
1457 const SecurityFunctionTableA* table = nullptr;
1458 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1459
1460 if (!Name)
1461 return SEC_E_SECPKG_NOT_FOUND;
1462
1463 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1464
1465 if (!table)
1466 return SEC_E_SECPKG_NOT_FOUND;
1467
1468 if (!table->QueryCredentialsAttributesA)
1469 {
1470 WLog_WARN(TAG, "Security module does not provide an implementation");
1471 return SEC_E_UNSUPPORTED_FUNCTION;
1472 }
1473
1474 status = table->QueryCredentialsAttributesA(phCredential, ulAttribute, pBuffer);
1475 return log_status("QueryCredentialsAttributesA", status);
1476}
1477
1478static SECURITY_STATUS SEC_ENTRY winpr_SetCredentialsAttributesW(PCredHandle phCredential,
1479 ULONG ulAttribute, void* pBuffer,
1480 ULONG cbBuffer)
1481{
1482 SEC_WCHAR* Name = nullptr;
1483 SECURITY_STATUS status = 0;
1484 const SecurityFunctionTableW* table = nullptr;
1485 Name = (SEC_WCHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1486
1487 if (!Name)
1488 return SEC_E_SECPKG_NOT_FOUND;
1489
1490 table = sspi_GetSecurityFunctionTableWByNameW(Name);
1491
1492 if (!table)
1493 return SEC_E_SECPKG_NOT_FOUND;
1494
1495 if (!table->SetCredentialsAttributesW)
1496 {
1497 WLog_WARN(TAG, "Security module does not provide an implementation");
1498 return SEC_E_UNSUPPORTED_FUNCTION;
1499 }
1500
1501 status = table->SetCredentialsAttributesW(phCredential, ulAttribute, pBuffer, cbBuffer);
1502 return log_status("SetCredentialsAttributesW", status);
1503}
1504
1505static SECURITY_STATUS SEC_ENTRY winpr_SetCredentialsAttributesA(PCredHandle phCredential,
1506 ULONG ulAttribute, void* pBuffer,
1507 ULONG cbBuffer)
1508{
1509 char* Name = nullptr;
1510 SECURITY_STATUS status = 0;
1511 const SecurityFunctionTableA* table = nullptr;
1512 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1513
1514 if (!Name)
1515 return SEC_E_SECPKG_NOT_FOUND;
1516
1517 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1518
1519 if (!table)
1520 return SEC_E_SECPKG_NOT_FOUND;
1521
1522 if (!table->SetCredentialsAttributesA)
1523 {
1524 WLog_WARN(TAG, "Security module does not provide an implementation");
1525 return SEC_E_UNSUPPORTED_FUNCTION;
1526 }
1527
1528 status = table->SetCredentialsAttributesA(phCredential, ulAttribute, pBuffer, cbBuffer);
1529 return log_status("SetCredentialsAttributesA", status);
1530}
1531
1532/* Context Management */
1533
1534static SECURITY_STATUS SEC_ENTRY
1535winpr_AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
1536 ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
1537 PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
1538{
1539 char* Name = nullptr;
1540 SECURITY_STATUS status = 0;
1541 const SecurityFunctionTableA* table = nullptr;
1542 Name = (char*)sspi_SecureHandleGetUpperPointer(phCredential);
1543
1544 if (!Name)
1545 return SEC_E_SECPKG_NOT_FOUND;
1546
1547 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1548
1549 if (!table)
1550 return SEC_E_SECPKG_NOT_FOUND;
1551
1552 if (!table->AcceptSecurityContext)
1553 {
1554 WLog_WARN(TAG, "Security module does not provide an implementation");
1555 return SEC_E_UNSUPPORTED_FUNCTION;
1556 }
1557
1558 status =
1559 table->AcceptSecurityContext(phCredential, phContext, pInput, fContextReq, TargetDataRep,
1560 phNewContext, pOutput, pfContextAttr, ptsTimeStamp);
1561 return log_status("AcceptSecurityContext", status);
1562}
1563
1564static SECURITY_STATUS SEC_ENTRY winpr_ApplyControlToken(PCtxtHandle phContext,
1565 PSecBufferDesc pInput)
1566{
1567 char* Name = nullptr;
1568 SECURITY_STATUS status = 0;
1569 const SecurityFunctionTableA* table = nullptr;
1570 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1571
1572 if (!Name)
1573 return SEC_E_SECPKG_NOT_FOUND;
1574
1575 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1576
1577 if (!table)
1578 return SEC_E_SECPKG_NOT_FOUND;
1579
1580 if (!table->ApplyControlToken)
1581 {
1582 WLog_WARN(TAG, "Security module does not provide an implementation");
1583 return SEC_E_UNSUPPORTED_FUNCTION;
1584 }
1585
1586 status = table->ApplyControlToken(phContext, pInput);
1587 return log_status("ApplyControlToken", status);
1588}
1589
1590static SECURITY_STATUS SEC_ENTRY winpr_CompleteAuthToken(PCtxtHandle phContext,
1591 PSecBufferDesc pToken)
1592{
1593 char* Name = nullptr;
1594 SECURITY_STATUS status = 0;
1595 const SecurityFunctionTableA* table = nullptr;
1596 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1597
1598 if (!Name)
1599 return SEC_E_SECPKG_NOT_FOUND;
1600
1601 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1602
1603 if (!table)
1604 return SEC_E_SECPKG_NOT_FOUND;
1605
1606 if (!table->CompleteAuthToken)
1607 {
1608 WLog_WARN(TAG, "Security module does not provide an implementation");
1609 return SEC_E_UNSUPPORTED_FUNCTION;
1610 }
1611
1612 status = table->CompleteAuthToken(phContext, pToken);
1613 return log_status("CompleteAuthToken", status);
1614}
1615
1616static SECURITY_STATUS SEC_ENTRY winpr_DeleteSecurityContext(PCtxtHandle phContext)
1617{
1618 const char* Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1619
1620 if (!Name)
1621 return SEC_E_SECPKG_NOT_FOUND;
1622
1623 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(Name);
1624
1625 if (!table)
1626 return SEC_E_SECPKG_NOT_FOUND;
1627
1628 if (!table->DeleteSecurityContext)
1629 {
1630 WLog_WARN(TAG, "Security module does not provide an implementation");
1631 return SEC_E_UNSUPPORTED_FUNCTION;
1632 }
1633
1634 const SECURITY_STATUS status = table->DeleteSecurityContext(phContext);
1635 return log_status("DeleteSecurityContext", status);
1636}
1637
1638static SECURITY_STATUS SEC_ENTRY winpr_FreeContextBuffer(void* pvContextBuffer)
1639{
1640 if (!pvContextBuffer)
1641 return SEC_E_INVALID_HANDLE;
1642
1643 sspi_ContextBufferFree(pvContextBuffer);
1644 return SEC_E_OK;
1645}
1646
1647static SECURITY_STATUS SEC_ENTRY winpr_ImpersonateSecurityContext(PCtxtHandle phContext)
1648{
1649 SEC_CHAR* Name = nullptr;
1650 SECURITY_STATUS status = 0;
1651 const SecurityFunctionTableW* table = nullptr;
1652 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1653
1654 if (!Name)
1655 return SEC_E_SECPKG_NOT_FOUND;
1656
1657 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1658
1659 if (!table)
1660 return SEC_E_SECPKG_NOT_FOUND;
1661
1662 if (!table->ImpersonateSecurityContext)
1663 {
1664 WLog_WARN(TAG, "Security module does not provide an implementation");
1665 return SEC_E_UNSUPPORTED_FUNCTION;
1666 }
1667
1668 status = table->ImpersonateSecurityContext(phContext);
1669 return log_status("ImpersonateSecurityContext", status);
1670}
1671
1672static SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextW(
1673 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq,
1674 ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
1675 PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
1676{
1677 SEC_CHAR* Name = nullptr;
1678 SECURITY_STATUS status = 0;
1679 const SecurityFunctionTableW* table = nullptr;
1680 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1681
1682 if (!Name)
1683 return SEC_E_SECPKG_NOT_FOUND;
1684
1685 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1686
1687 if (!table)
1688 return SEC_E_SECPKG_NOT_FOUND;
1689
1690 if (!table->InitializeSecurityContextW)
1691 {
1692 WLog_WARN(TAG, "Security module does not provide an implementation");
1693 return SEC_E_UNSUPPORTED_FUNCTION;
1694 }
1695
1696 status = table->InitializeSecurityContextW(phCredential, phContext, pszTargetName, fContextReq,
1697 Reserved1, TargetDataRep, pInput, Reserved2,
1698 phNewContext, pOutput, pfContextAttr, ptsExpiry);
1699 return log_status("InitializeSecurityContextW", status);
1700}
1701
1702static SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextA(
1703 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
1704 ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
1705 PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
1706{
1707 SEC_CHAR* Name = nullptr;
1708 SECURITY_STATUS status = 0;
1709 const SecurityFunctionTableA* table = nullptr;
1710 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phCredential);
1711
1712 if (!Name)
1713 return SEC_E_SECPKG_NOT_FOUND;
1714
1715 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1716
1717 if (!table)
1718 return SEC_E_SECPKG_NOT_FOUND;
1719
1720 if (!table->InitializeSecurityContextA)
1721 {
1722 WLog_WARN(TAG, "Security module does not provide an implementation");
1723 return SEC_E_UNSUPPORTED_FUNCTION;
1724 }
1725
1726 status = table->InitializeSecurityContextA(phCredential, phContext, pszTargetName, fContextReq,
1727 Reserved1, TargetDataRep, pInput, Reserved2,
1728 phNewContext, pOutput, pfContextAttr, ptsExpiry);
1729
1730 return log_status("InitializeSecurityContextA", status);
1731}
1732
1733static SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesW(PCtxtHandle phContext,
1734 ULONG ulAttribute, void* pBuffer)
1735{
1736 SEC_CHAR* Name = nullptr;
1737 SECURITY_STATUS status = 0;
1738 const SecurityFunctionTableW* table = nullptr;
1739 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1740
1741 if (!Name)
1742 return SEC_E_SECPKG_NOT_FOUND;
1743
1744 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1745
1746 if (!table)
1747 return SEC_E_SECPKG_NOT_FOUND;
1748
1749 if (!table->QueryContextAttributesW)
1750 {
1751 WLog_WARN(TAG, "Security module does not provide an implementation");
1752 return SEC_E_UNSUPPORTED_FUNCTION;
1753 }
1754
1755 status = table->QueryContextAttributesW(phContext, ulAttribute, pBuffer);
1756 return log_status("QueryContextAttributesW", status);
1757}
1758
1759static SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesA(PCtxtHandle phContext,
1760 ULONG ulAttribute, void* pBuffer)
1761{
1762 SEC_CHAR* Name = nullptr;
1763 SECURITY_STATUS status = 0;
1764 const SecurityFunctionTableA* table = nullptr;
1765 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1766
1767 if (!Name)
1768 return SEC_E_SECPKG_NOT_FOUND;
1769
1770 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1771
1772 if (!table)
1773 return SEC_E_SECPKG_NOT_FOUND;
1774
1775 if (!table->QueryContextAttributesA)
1776 {
1777 WLog_WARN(TAG, "Security module does not provide an implementation");
1778 return SEC_E_UNSUPPORTED_FUNCTION;
1779 }
1780
1781 status = table->QueryContextAttributesA(phContext, ulAttribute, pBuffer);
1782 return log_status("QueryContextAttributesA", status);
1783}
1784
1785static SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityContextToken(PCtxtHandle phContext,
1786 HANDLE* phToken)
1787{
1788 SEC_CHAR* Name = nullptr;
1789 SECURITY_STATUS status = 0;
1790 const SecurityFunctionTableW* table = nullptr;
1791 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1792
1793 if (!Name)
1794 return SEC_E_SECPKG_NOT_FOUND;
1795
1796 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1797
1798 if (!table)
1799 return SEC_E_SECPKG_NOT_FOUND;
1800
1801 if (!table->QuerySecurityContextToken)
1802 {
1803 WLog_WARN(TAG, "Security module does not provide an implementation");
1804 return SEC_E_UNSUPPORTED_FUNCTION;
1805 }
1806
1807 status = table->QuerySecurityContextToken(phContext, phToken);
1808 return log_status("QuerySecurityContextToken", status);
1809}
1810
1811static SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesW(PCtxtHandle phContext,
1812 ULONG ulAttribute, void* pBuffer,
1813 ULONG cbBuffer)
1814{
1815 SEC_CHAR* Name = nullptr;
1816 SECURITY_STATUS status = 0;
1817 const SecurityFunctionTableW* table = nullptr;
1818 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1819
1820 if (!Name)
1821 return SEC_E_SECPKG_NOT_FOUND;
1822
1823 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1824
1825 if (!table)
1826 return SEC_E_SECPKG_NOT_FOUND;
1827
1828 if (!table->SetContextAttributesW)
1829 {
1830 WLog_WARN(TAG, "Security module does not provide an implementation");
1831 return SEC_E_UNSUPPORTED_FUNCTION;
1832 }
1833
1834 status = table->SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
1835 return log_status("SetContextAttributesW", status);
1836}
1837
1838static SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesA(PCtxtHandle phContext,
1839 ULONG ulAttribute, void* pBuffer,
1840 ULONG cbBuffer)
1841{
1842 char* Name = nullptr;
1843 SECURITY_STATUS status = 0;
1844 const SecurityFunctionTableA* table = nullptr;
1845 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1846
1847 if (!Name)
1848 return SEC_E_SECPKG_NOT_FOUND;
1849
1850 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1851
1852 if (!table)
1853 return SEC_E_SECPKG_NOT_FOUND;
1854
1855 if (!table->SetContextAttributesA)
1856 {
1857 WLog_WARN(TAG, "Security module does not provide an implementation");
1858 return SEC_E_UNSUPPORTED_FUNCTION;
1859 }
1860
1861 status = table->SetContextAttributesA(phContext, ulAttribute, pBuffer, cbBuffer);
1862 return log_status("SetContextAttributesA", status);
1863}
1864
1865static SECURITY_STATUS SEC_ENTRY winpr_RevertSecurityContext(PCtxtHandle phContext)
1866{
1867 SEC_CHAR* Name = nullptr;
1868 SECURITY_STATUS status = 0;
1869 const SecurityFunctionTableW* table = nullptr;
1870 Name = (SEC_CHAR*)sspi_SecureHandleGetUpperPointer(phContext);
1871
1872 if (!Name)
1873 return SEC_E_SECPKG_NOT_FOUND;
1874
1875 table = sspi_GetSecurityFunctionTableWByNameA(Name);
1876
1877 if (!table)
1878 return SEC_E_SECPKG_NOT_FOUND;
1879
1880 if (!table->RevertSecurityContext)
1881 {
1882 WLog_WARN(TAG, "Security module does not provide an implementation");
1883 return SEC_E_UNSUPPORTED_FUNCTION;
1884 }
1885
1886 status = table->RevertSecurityContext(phContext);
1887
1888 return log_status("RevertSecurityContext", status);
1889}
1890
1891/* Message Support */
1892
1893static SECURITY_STATUS SEC_ENTRY winpr_DecryptMessage(PCtxtHandle phContext,
1894 PSecBufferDesc pMessage, ULONG MessageSeqNo,
1895 PULONG pfQOP)
1896{
1897 char* Name = nullptr;
1898 SECURITY_STATUS status = 0;
1899 const SecurityFunctionTableA* table = nullptr;
1900 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1901
1902 if (!Name)
1903 return SEC_E_SECPKG_NOT_FOUND;
1904
1905 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1906
1907 if (!table)
1908 return SEC_E_SECPKG_NOT_FOUND;
1909
1910 if (!table->DecryptMessage)
1911 {
1912 WLog_WARN(TAG, "Security module does not provide an implementation");
1913 return SEC_E_UNSUPPORTED_FUNCTION;
1914 }
1915
1916 status = table->DecryptMessage(phContext, pMessage, MessageSeqNo, pfQOP);
1917
1918 return log_status("DecryptMessage", status);
1919}
1920
1921static SECURITY_STATUS SEC_ENTRY winpr_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
1922 PSecBufferDesc pMessage, ULONG MessageSeqNo)
1923{
1924 char* Name = nullptr;
1925 SECURITY_STATUS status = 0;
1926 const SecurityFunctionTableA* table = nullptr;
1927 Name = (char*)sspi_SecureHandleGetUpperPointer(phContext);
1928
1929 if (!Name)
1930 return SEC_E_SECPKG_NOT_FOUND;
1931
1932 table = sspi_GetSecurityFunctionTableAByNameA(Name);
1933
1934 if (!table)
1935 return SEC_E_SECPKG_NOT_FOUND;
1936
1937 if (!table->EncryptMessage)
1938 {
1939 WLog_WARN(TAG, "Security module does not provide an implementation");
1940 return SEC_E_UNSUPPORTED_FUNCTION;
1941 }
1942
1943 status = table->EncryptMessage(phContext, fQOP, pMessage, MessageSeqNo);
1944 return log_status("EncryptMessage", status);
1945}
1946
1947static SECURITY_STATUS SEC_ENTRY winpr_MakeSignature(PCtxtHandle phContext, ULONG fQOP,
1948 PSecBufferDesc pMessage, ULONG MessageSeqNo)
1949{
1950 SECURITY_STATUS status = 0;
1951 const char* Name = (const char*)sspi_SecureHandleGetUpperPointer(phContext);
1952
1953 if (!Name)
1954 return SEC_E_SECPKG_NOT_FOUND;
1955
1956 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(Name);
1957
1958 if (!table)
1959 return SEC_E_SECPKG_NOT_FOUND;
1960
1961 if (!table->MakeSignature)
1962 {
1963 WLog_WARN(TAG, "Security module does not provide an implementation");
1964 return SEC_E_UNSUPPORTED_FUNCTION;
1965 }
1966
1967 status = table->MakeSignature(phContext, fQOP, pMessage, MessageSeqNo);
1968 return log_status("MakeSignature", status);
1969}
1970
1971static SECURITY_STATUS SEC_ENTRY winpr_VerifySignature(PCtxtHandle phContext,
1972 PSecBufferDesc pMessage, ULONG MessageSeqNo,
1973 PULONG pfQOP)
1974{
1975 SECURITY_STATUS status = 0;
1976
1977 const char* Name = (const char*)sspi_SecureHandleGetUpperPointer(phContext);
1978
1979 if (!Name)
1980 return SEC_E_SECPKG_NOT_FOUND;
1981
1982 const SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(Name);
1983
1984 if (!table)
1985 return SEC_E_SECPKG_NOT_FOUND;
1986
1987 if (!table->VerifySignature)
1988 {
1989 WLog_WARN(TAG, "Security module does not provide an implementation");
1990 return SEC_E_UNSUPPORTED_FUNCTION;
1991 }
1992
1993 status = table->VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
1994
1995 return log_status("VerifySignature", status);
1996}
1997
1998static SecurityFunctionTableA winpr_SecurityFunctionTableA = {
1999 3, /* dwVersion */
2000 winpr_EnumerateSecurityPackagesA, /* EnumerateSecurityPackages */
2001 winpr_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
2002 winpr_AcquireCredentialsHandleA, /* AcquireCredentialsHandle */
2003 winpr_FreeCredentialsHandle, /* FreeCredentialsHandle */
2004 nullptr, /* Reserved2 */
2005 winpr_InitializeSecurityContextA, /* InitializeSecurityContext */
2006 winpr_AcceptSecurityContext, /* AcceptSecurityContext */
2007 winpr_CompleteAuthToken, /* CompleteAuthToken */
2008 winpr_DeleteSecurityContext, /* DeleteSecurityContext */
2009 winpr_ApplyControlToken, /* ApplyControlToken */
2010 winpr_QueryContextAttributesA, /* QueryContextAttributes */
2011 winpr_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
2012 winpr_RevertSecurityContext, /* RevertSecurityContext */
2013 winpr_MakeSignature, /* MakeSignature */
2014 winpr_VerifySignature, /* VerifySignature */
2015 winpr_FreeContextBuffer, /* FreeContextBuffer */
2016 winpr_QuerySecurityPackageInfoA, /* QuerySecurityPackageInfo */
2017 nullptr, /* Reserved3 */
2018 nullptr, /* Reserved4 */
2019 winpr_ExportSecurityContext, /* ExportSecurityContext */
2020 winpr_ImportSecurityContextA, /* ImportSecurityContext */
2021 nullptr, /* AddCredentials */
2022 nullptr, /* Reserved8 */
2023 winpr_QuerySecurityContextToken, /* QuerySecurityContextToken */
2024 winpr_EncryptMessage, /* EncryptMessage */
2025 winpr_DecryptMessage, /* DecryptMessage */
2026 winpr_SetContextAttributesA, /* SetContextAttributes */
2027 winpr_SetCredentialsAttributesA, /* SetCredentialsAttributes */
2028};
2029
2030static SecurityFunctionTableW winpr_SecurityFunctionTableW = {
2031 3, /* dwVersion */
2032 winpr_EnumerateSecurityPackagesW, /* EnumerateSecurityPackages */
2033 winpr_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
2034 winpr_AcquireCredentialsHandleW, /* AcquireCredentialsHandle */
2035 winpr_FreeCredentialsHandle, /* FreeCredentialsHandle */
2036 nullptr, /* Reserved2 */
2037 winpr_InitializeSecurityContextW, /* InitializeSecurityContext */
2038 winpr_AcceptSecurityContext, /* AcceptSecurityContext */
2039 winpr_CompleteAuthToken, /* CompleteAuthToken */
2040 winpr_DeleteSecurityContext, /* DeleteSecurityContext */
2041 winpr_ApplyControlToken, /* ApplyControlToken */
2042 winpr_QueryContextAttributesW, /* QueryContextAttributes */
2043 winpr_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
2044 winpr_RevertSecurityContext, /* RevertSecurityContext */
2045 winpr_MakeSignature, /* MakeSignature */
2046 winpr_VerifySignature, /* VerifySignature */
2047 winpr_FreeContextBuffer, /* FreeContextBuffer */
2048 winpr_QuerySecurityPackageInfoW, /* QuerySecurityPackageInfo */
2049 nullptr, /* Reserved3 */
2050 nullptr, /* Reserved4 */
2051 winpr_ExportSecurityContext, /* ExportSecurityContext */
2052 winpr_ImportSecurityContextW, /* ImportSecurityContext */
2053 nullptr, /* AddCredentials */
2054 nullptr, /* Reserved8 */
2055 winpr_QuerySecurityContextToken, /* QuerySecurityContextToken */
2056 winpr_EncryptMessage, /* EncryptMessage */
2057 winpr_DecryptMessage, /* DecryptMessage */
2058 winpr_SetContextAttributesW, /* SetContextAttributes */
2059 winpr_SetCredentialsAttributesW, /* SetCredentialsAttributes */
2060};
2061
2062SecurityFunctionTableW* SEC_ENTRY winpr_InitSecurityInterfaceW(void)
2063{
2064 return &winpr_SecurityFunctionTableW;
2065}
2066
2067SecurityFunctionTableA* SEC_ENTRY winpr_InitSecurityInterfaceA(void)
2068{
2069 return &winpr_SecurityFunctionTableA;
2070}
RTL_RUN_ONCE
Definition include/winpr/synch.h:388
SECURITY_INTEGER
Definition include/winpr/sspi.h:51
SEC_WINNT_AUTH_IDENTITY_A
Definition include/winpr/sspi.h:690
SEC_WINNT_AUTH_IDENTITY_EX2
Definition include/winpr/sspi.h:759
SEC_WINNT_AUTH_IDENTITY_EXA
Definition include/winpr/sspi.h:731
SEC_WINNT_AUTH_IDENTITY_EXW
Definition include/winpr/sspi.h:716
SEC_WINNT_AUTH_IDENTITY_W
Definition include/winpr/sspi.h:679
SSPI_CREDENTIALS
Definition libwinpr/sspi/sspi.h:32
SEC_WINNT_AUTH_IDENTITY_INFO
Definition include/winpr/sspi.h:783