mirror of https://github.com/FreeRDP/FreeRDP
libfreerdp-auth: split NTLM package, implement AcquireCredentialsHandle
This commit is contained in:
parent
545c8857e3
commit
1e2b0be24a
|
@ -44,6 +44,7 @@ int add_sspi_suite(void)
|
|||
add_test_function(EnumerateSecurityPackages);
|
||||
add_test_function(QuerySecurityPackageInfo);
|
||||
add_test_function(AcquireCredentialsHandle);
|
||||
add_test_function(InitializeSecurityContext);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -95,6 +96,7 @@ void test_AcquireCredentialsHandle(void)
|
|||
SEC_TIMESTAMP expiration;
|
||||
SEC_AUTH_IDENTITY identity;
|
||||
SECURITY_FUNCTION_TABLE* table;
|
||||
SEC_PKG_CREDENTIALS_NAMES credential_names;
|
||||
|
||||
table = InitSecurityInterface();
|
||||
|
||||
|
@ -111,24 +113,45 @@ void test_AcquireCredentialsHandle(void)
|
|||
|
||||
if (status == SEC_E_OK)
|
||||
{
|
||||
status = table->QueryCredentialsAttributes(&credentials, SECPKG_CRED_ATTR_NAMES, &credential_names);
|
||||
|
||||
if (status == SEC_E_OK)
|
||||
{
|
||||
printf("\nQueryCredentialsAttributes: %s\n", credential_names.sUserName);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void test_InitializeSecurityContext(void)
|
||||
{
|
||||
uint32 fContextReq;
|
||||
CTXT_HANDLE context;
|
||||
uint32 pfContextAttr;
|
||||
SECURITY_STATUS status;
|
||||
CRED_HANDLE credentials;
|
||||
SEC_TIMESTAMP expiration;
|
||||
SEC_AUTH_IDENTITY identity;
|
||||
SECURITY_FUNCTION_TABLE* table;
|
||||
SEC_BUFFER_DESC sec_output_buffer;
|
||||
|
||||
table = InitSecurityInterface();
|
||||
|
||||
identity.User = (uint16*) xstrdup(test_User);
|
||||
identity.UserLength = sizeof(test_User);
|
||||
identity.Domain = (uint16*) xstrdup(test_Domain);
|
||||
identity.DomainLength = sizeof(test_Domain);
|
||||
identity.Password = (uint16*) xstrdup(test_Password);
|
||||
identity.PasswordLength = sizeof(test_Password);
|
||||
identity.Flags = SEC_AUTH_IDENTITY_ANSI;
|
||||
|
||||
status = table->AcquireCredentialsHandle(NULL, NTLM_PACKAGE_NAME,
|
||||
SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration);
|
||||
|
||||
if (status == SEC_E_OK)
|
||||
{
|
||||
fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_DELEGATE;
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
table->InitializeSecurityContext(&credentials, NULL, NULL, fContextReq, 0, 0, NULL, 0,
|
||||
&context, &sec_output_buffer, &pfContextAttr, &expiration);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,3 +26,4 @@ int add_sspi_suite(void);
|
|||
void test_EnumerateSecurityPackages(void);
|
||||
void test_QuerySecurityPackageInfo(void);
|
||||
void test_AcquireCredentialsHandle(void);
|
||||
void test_InitializeSecurityContext(void);
|
||||
|
|
|
@ -142,6 +142,154 @@ typedef uint32 SECURITY_STATUS;
|
|||
#define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010
|
||||
#define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020
|
||||
|
||||
/* Security Context Attributes */
|
||||
|
||||
#define SECPKG_ATTR_SIZES 0
|
||||
#define SECPKG_ATTR_NAMES 1
|
||||
#define SECPKG_ATTR_LIFESPAN 2
|
||||
#define SECPKG_ATTR_DCE_INFO 3
|
||||
#define SECPKG_ATTR_STREAM_SIZES 4
|
||||
#define SECPKG_ATTR_KEY_INFO 5
|
||||
#define SECPKG_ATTR_AUTHORITY 6
|
||||
#define SECPKG_ATTR_PROTO_INFO 7
|
||||
#define SECPKG_ATTR_PASSWORD_EXPIRY 8
|
||||
#define SECPKG_ATTR_SESSION_KEY 9
|
||||
#define SECPKG_ATTR_PACKAGE_INFO 10
|
||||
#define SECPKG_ATTR_USER_FLAGS 11
|
||||
#define SECPKG_ATTR_NEGOTIATION_INFO 12
|
||||
#define SECPKG_ATTR_NATIVE_NAMES 13
|
||||
#define SECPKG_ATTR_FLAGS 14
|
||||
#define SECPKG_ATTR_USE_VALIDATED 15
|
||||
#define SECPKG_ATTR_CREDENTIAL_NAME 16
|
||||
#define SECPKG_ATTR_TARGET_INFORMATION 17
|
||||
#define SECPKG_ATTR_ACCESS_TOKEN 18
|
||||
#define SECPKG_ATTR_TARGET 19
|
||||
#define SECPKG_ATTR_AUTHENTICATION_ID 20
|
||||
#define SECPKG_ATTR_LOGOFF_TIME 21
|
||||
#define SECPKG_ATTR_NEGO_KEYS 22
|
||||
#define SECPKG_ATTR_PROMPTING_NEEDED 24
|
||||
#define SECPKG_ATTR_UNIQUE_BINDINGS 25
|
||||
#define SECPKG_ATTR_ENDPOINT_BINDINGS 26
|
||||
#define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27
|
||||
#define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30
|
||||
#define SECPKG_ATTR_NEGO_PKG_INFO 31
|
||||
#define SECPKG_ATTR_NEGO_STATUS 32
|
||||
#define SECPKG_ATTR_CONTEXT_DELETED 33
|
||||
|
||||
/* Security Credentials Attributes */
|
||||
|
||||
#define SECPKG_CRED_ATTR_NAMES 1
|
||||
|
||||
struct _SEC_PKG_CREDENTIALS_NAMES
|
||||
{
|
||||
char* sUserName;
|
||||
};
|
||||
typedef struct _SEC_PKG_CREDENTIALS_NAMES SEC_PKG_CREDENTIALS_NAMES;
|
||||
|
||||
/* InitializeSecurityContext Flags */
|
||||
|
||||
#define ISC_REQ_DELEGATE 0x00000001
|
||||
#define ISC_REQ_MUTUAL_AUTH 0x00000002
|
||||
#define ISC_REQ_REPLAY_DETECT 0x00000004
|
||||
#define ISC_REQ_SEQUENCE_DETECT 0x00000008
|
||||
#define ISC_REQ_CONFIDENTIALITY 0x00000010
|
||||
#define ISC_REQ_USE_SESSION_KEY 0x00000020
|
||||
#define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
|
||||
#define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
|
||||
#define ISC_REQ_ALLOCATE_MEMORY 0x00000100
|
||||
#define ISC_REQ_USE_DCE_STYLE 0x00000200
|
||||
#define ISC_REQ_DATAGRAM 0x00000400
|
||||
#define ISC_REQ_CONNECTION 0x00000800
|
||||
#define ISC_REQ_CALL_LEVEL 0x00001000
|
||||
#define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
|
||||
#define ISC_REQ_EXTENDED_ERROR 0x00004000
|
||||
#define ISC_REQ_STREAM 0x00008000
|
||||
#define ISC_REQ_INTEGRITY 0x00010000
|
||||
#define ISC_REQ_IDENTIFY 0x00020000
|
||||
#define ISC_REQ_NULL_SESSION 0x00040000
|
||||
#define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
|
||||
#define ISC_REQ_RESERVED1 0x00100000
|
||||
#define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
|
||||
#define ISC_REQ_FORWARD_CREDENTIALS 0x00400000
|
||||
#define ISC_REQ_NO_INTEGRITY 0x00800000
|
||||
#define ISC_REQ_USE_HTTP_STYLE 0x01000000
|
||||
|
||||
#define ISC_RET_DELEGATE 0x00000001
|
||||
#define ISC_RET_MUTUAL_AUTH 0x00000002
|
||||
#define ISC_RET_REPLAY_DETECT 0x00000004
|
||||
#define ISC_RET_SEQUENCE_DETECT 0x00000008
|
||||
#define ISC_RET_CONFIDENTIALITY 0x00000010
|
||||
#define ISC_RET_USE_SESSION_KEY 0x00000020
|
||||
#define ISC_RET_USED_COLLECTED_CREDS 0x00000040
|
||||
#define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
|
||||
#define ISC_RET_ALLOCATED_MEMORY 0x00000100
|
||||
#define ISC_RET_USED_DCE_STYLE 0x00000200
|
||||
#define ISC_RET_DATAGRAM 0x00000400
|
||||
#define ISC_RET_CONNECTION 0x00000800
|
||||
#define ISC_RET_INTERMEDIATE_RETURN 0x00001000
|
||||
#define ISC_RET_CALL_LEVEL 0x00002000
|
||||
#define ISC_RET_EXTENDED_ERROR 0x00004000
|
||||
#define ISC_RET_STREAM 0x00008000
|
||||
#define ISC_RET_INTEGRITY 0x00010000
|
||||
#define ISC_RET_IDENTIFY 0x00020000
|
||||
#define ISC_RET_NULL_SESSION 0x00040000
|
||||
#define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
|
||||
#define ISC_RET_RESERVED1 0x00100000
|
||||
#define ISC_RET_FRAGMENT_ONLY 0x00200000
|
||||
#define ISC_RET_FORWARD_CREDENTIALS 0x00400000
|
||||
#define ISC_RET_USED_HTTP_STYLE 0x01000000
|
||||
|
||||
/* AcceptSecurityContext Flags */
|
||||
|
||||
#define ASC_REQ_DELEGATE 0x00000001
|
||||
#define ASC_REQ_MUTUAL_AUTH 0x00000002
|
||||
#define ASC_REQ_REPLAY_DETECT 0x00000004
|
||||
#define ASC_REQ_SEQUENCE_DETECT 0x00000008
|
||||
#define ASC_REQ_CONFIDENTIALITY 0x00000010
|
||||
#define ASC_REQ_USE_SESSION_KEY 0x00000020
|
||||
#define ASC_REQ_ALLOCATE_MEMORY 0x00000100
|
||||
#define ASC_REQ_USE_DCE_STYLE 0x00000200
|
||||
#define ASC_REQ_DATAGRAM 0x00000400
|
||||
#define ASC_REQ_CONNECTION 0x00000800
|
||||
#define ASC_REQ_CALL_LEVEL 0x00001000
|
||||
#define ASC_REQ_EXTENDED_ERROR 0x00008000
|
||||
#define ASC_REQ_STREAM 0x00010000
|
||||
#define ASC_REQ_INTEGRITY 0x00020000
|
||||
#define ASC_REQ_LICENSING 0x00040000
|
||||
#define ASC_REQ_IDENTIFY 0x00080000
|
||||
#define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
|
||||
#define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
|
||||
#define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
|
||||
#define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
|
||||
#define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
|
||||
#define ASC_REQ_NO_TOKEN 0x01000000
|
||||
#define ASC_REQ_PROXY_BINDINGS 0x04000000
|
||||
#define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000
|
||||
|
||||
#define ASC_RET_DELEGATE 0x00000001
|
||||
#define ASC_RET_MUTUAL_AUTH 0x00000002
|
||||
#define ASC_RET_REPLAY_DETECT 0x00000004
|
||||
#define ASC_RET_SEQUENCE_DETECT 0x00000008
|
||||
#define ASC_RET_CONFIDENTIALITY 0x00000010
|
||||
#define ASC_RET_USE_SESSION_KEY 0x00000020
|
||||
#define ASC_RET_ALLOCATED_MEMORY 0x00000100
|
||||
#define ASC_RET_USED_DCE_STYLE 0x00000200
|
||||
#define ASC_RET_DATAGRAM 0x00000400
|
||||
#define ASC_RET_CONNECTION 0x00000800
|
||||
#define ASC_RET_CALL_LEVEL 0x00002000
|
||||
#define ASC_RET_THIRD_LEG_FAILED 0x00004000
|
||||
#define ASC_RET_EXTENDED_ERROR 0x00008000
|
||||
#define ASC_RET_STREAM 0x00010000
|
||||
#define ASC_RET_INTEGRITY 0x00020000
|
||||
#define ASC_RET_LICENSING 0x00040000
|
||||
#define ASC_RET_IDENTIFY 0x00080000
|
||||
#define ASC_RET_NULL_SESSION 0x00100000
|
||||
#define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
|
||||
#define ASC_RET_FRAGMENT_ONLY 0x00800000
|
||||
#define ASC_RET_NO_TOKEN 0x01000000
|
||||
#define ASC_RET_NO_PROXY_BINDINGS 0x04000000
|
||||
#define ASC_RET_MISSING_BINDINGS 0x10000000
|
||||
|
||||
struct _SEC_PKG_INFO
|
||||
{
|
||||
uint32 fCapabilities;
|
||||
|
|
|
@ -18,7 +18,10 @@
|
|||
# limitations under the License.
|
||||
|
||||
set(FREERDP_AUTH_SRCS
|
||||
NTLM/ntlm.c
|
||||
NTLM/ntlm.h
|
||||
sspi.c
|
||||
sspi.h
|
||||
credssp.c
|
||||
ntlmssp.c)
|
||||
|
||||
|
|
|
@ -0,0 +1,157 @@
|
|||
/**
|
||||
* FreeRDP: A Remote Desktop Protocol Implementation
|
||||
* NTLM Security Package
|
||||
*
|
||||
* Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <time.h>
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/md4.h>
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/engine.h>
|
||||
#include <freerdp/utils/memory.h>
|
||||
|
||||
#include <freerdp/auth/sspi.h>
|
||||
#include <freerdp/auth/credssp.h>
|
||||
|
||||
#include "ntlm.h"
|
||||
#include "../sspi.h"
|
||||
|
||||
char* NTLM_PACKAGE_NAME = "NTLM";
|
||||
|
||||
NTLM_CONTEXT* ntlm_ContextNew()
|
||||
{
|
||||
NTLM_CONTEXT* context;
|
||||
|
||||
context = xnew(NTLM_CONTEXT);
|
||||
|
||||
if (context != NULL)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
return context;
|
||||
}
|
||||
|
||||
void ntlm_ContextFree(NTLM_CONTEXT* context)
|
||||
{
|
||||
if (!context)
|
||||
return;
|
||||
|
||||
xfree(context);
|
||||
}
|
||||
|
||||
SECURITY_STATUS ntlm_AcquireCredentialsHandle(char* pszPrincipal, char* pszPackage,
|
||||
uint32 fCredentialUse, void* pvLogonID, void* pAuthData, void* pGetKeyFn,
|
||||
void* pvGetKeyArgument, CRED_HANDLE* phCredential, SEC_TIMESTAMP* ptsExpiry)
|
||||
{
|
||||
CREDENTIALS* credentials;
|
||||
SEC_AUTH_IDENTITY* identity;
|
||||
|
||||
if (fCredentialUse == SECPKG_CRED_OUTBOUND)
|
||||
{
|
||||
credentials = sspi_CredentialsNew();
|
||||
identity = (SEC_AUTH_IDENTITY*) pAuthData;
|
||||
|
||||
memcpy(&(credentials->identity), identity, sizeof(SEC_AUTH_IDENTITY));
|
||||
|
||||
sspi_SecureHandleSetLowerPointer(phCredential, (void*) credentials);
|
||||
sspi_SecureHandleSetUpperPointer(phCredential, (void*) NTLM_PACKAGE_NAME);
|
||||
|
||||
return SEC_E_OK;
|
||||
}
|
||||
|
||||
return SEC_E_OK;
|
||||
}
|
||||
|
||||
SECURITY_STATUS ntlm_QueryCredentialsAttributes(CRED_HANDLE* phCredential, uint32 ulAttribute, void* pBuffer)
|
||||
{
|
||||
if (ulAttribute == SECPKG_CRED_ATTR_NAMES)
|
||||
{
|
||||
CREDENTIALS* credentials;
|
||||
SEC_PKG_CREDENTIALS_NAMES* credential_names = (SEC_PKG_CREDENTIALS_NAMES*) pBuffer;
|
||||
|
||||
credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
|
||||
|
||||
if (credentials->identity.Flags == SEC_AUTH_IDENTITY_ANSI)
|
||||
credential_names->sUserName = xstrdup((char*) credentials->identity.User);
|
||||
|
||||
return SEC_E_OK;
|
||||
}
|
||||
|
||||
return SEC_E_UNSUPPORTED_FUNCTION;
|
||||
}
|
||||
|
||||
/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375512/ */
|
||||
|
||||
SECURITY_STATUS ntlm_InitializeSecurityContext(CRED_HANDLE* phCredential, CTXT_HANDLE* phContext,
|
||||
char* pszTargetName, uint32 fContextReq, uint32 Reserved1, uint32 TargetDataRep,
|
||||
SEC_BUFFER_DESC* pInput, uint32 Reserved2, CTXT_HANDLE* phNewContext,
|
||||
SEC_BUFFER_DESC* pOutput, uint32* pfContextAttr, SEC_TIMESTAMP* ptsExpiry)
|
||||
{
|
||||
return SEC_E_OK;
|
||||
}
|
||||
|
||||
/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa379337/ */
|
||||
|
||||
SECURITY_STATUS ntlm_QueryContextAttributes(CTXT_HANDLE* phContext, uint32 ulAttribute, void* pBuffer)
|
||||
{
|
||||
return SEC_E_OK;
|
||||
}
|
||||
|
||||
const SEC_PKG_INFO NTLM_SEC_PKG_INFO =
|
||||
{
|
||||
0x00082B37, /* fCapabilities */
|
||||
1, /* wVersion */
|
||||
0x000A, /* wRPCID */
|
||||
0x00000B48, /* cbMaxToken */
|
||||
"NTLM", /* Name */
|
||||
"NTLM Security Package" /* Comment */
|
||||
};
|
||||
|
||||
const SECURITY_FUNCTION_TABLE NTLM_SECURITY_FUNCTION_TABLE =
|
||||
{
|
||||
1, /* dwVersion */
|
||||
NULL, /* EnumerateSecurityPackages */
|
||||
NULL, /* Reserved1 */
|
||||
ntlm_QueryCredentialsAttributes, /* QueryCredentialsAttributes */
|
||||
ntlm_AcquireCredentialsHandle, /* AcquireCredentialsHandle */
|
||||
NULL, /* FreeCredentialsHandle */
|
||||
NULL, /* Reserved2 */
|
||||
ntlm_InitializeSecurityContext, /* InitializeSecurityContext */
|
||||
NULL, /* AcceptSecurityContext */
|
||||
NULL, /* CompleteAuthToken */
|
||||
NULL, /* DeleteSecurityContext */
|
||||
NULL, /* ApplyControlToken */
|
||||
ntlm_QueryContextAttributes, /* QueryContextAttributes */
|
||||
NULL, /* ImpersonateSecurityContext */
|
||||
NULL, /* RevertSecurityContext */
|
||||
NULL, /* MakeSignature */
|
||||
NULL, /* VerifySignature */
|
||||
NULL, /* FreeContextBuffer */
|
||||
NULL, /* QuerySecurityPackageInfo */
|
||||
NULL, /* Reserved3 */
|
||||
NULL, /* Reserved4 */
|
||||
NULL, /* ExportSecurityContext */
|
||||
NULL, /* ImportSecurityContext */
|
||||
NULL, /* AddCredentials */
|
||||
NULL, /* Reserved8 */
|
||||
NULL, /* QuerySecurityContextToken */
|
||||
NULL, /* EncryptMessage */
|
||||
NULL, /* DecryptMessage */
|
||||
NULL, /* SetContextAttributes */
|
||||
};
|
|
@ -0,0 +1,32 @@
|
|||
/**
|
||||
* FreeRDP: A Remote Desktop Protocol Implementation
|
||||
* NTLM Security Package
|
||||
*
|
||||
* Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <freerdp/auth/sspi.h>
|
||||
#include <freerdp/auth/credssp.h>
|
||||
|
||||
#ifndef FREERDP_AUTH_NTLM_PRIVATE_H
|
||||
#define FREERDP_AUTH_NTLM_PRIVATE_H
|
||||
|
||||
struct _NTLM_CONTEXT
|
||||
{
|
||||
SEC_AUTH_IDENTITY identity;
|
||||
};
|
||||
typedef struct _NTLM_CONTEXT NTLM_CONTEXT;
|
||||
|
||||
#endif /* FREERDP_AUTH_NTLM_PRIVATE_H */
|
|
@ -28,6 +28,8 @@
|
|||
#include <freerdp/auth/sspi.h>
|
||||
#include <freerdp/auth/credssp.h>
|
||||
|
||||
#include "sspi.h"
|
||||
|
||||
#include <freerdp/auth/ntlmssp.h>
|
||||
|
||||
#define NTLMSSP_NEGOTIATE_56 0x80000000 /* W (0) */
|
||||
|
@ -2224,60 +2226,3 @@ void ntlmssp_free(NTLMSSP* ntlmssp)
|
|||
crypto_rc4_free(ntlmssp->recv_rc4_seal);
|
||||
xfree(ntlmssp);
|
||||
}
|
||||
|
||||
/* SSPI */
|
||||
|
||||
SECURITY_STATUS ntlm_AcquireCredentialsHandle(char* pszPrincipal, char* pszPackage,
|
||||
uint32 fCredentialUse, void* pvLogonID, void* pAuthData, void* pGetKeyFn,
|
||||
void* pvGetKeyArgument, CRED_HANDLE* phCredential, SEC_TIMESTAMP* ptsExpiry)
|
||||
{
|
||||
if (fCredentialUse == SECPKG_CRED_OUTBOUND)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
return SEC_E_OK;
|
||||
}
|
||||
|
||||
const SEC_PKG_INFO NTLM_SEC_PKG_INFO =
|
||||
{
|
||||
0x00082B37, /* fCapabilities */
|
||||
1, /* wVersion */
|
||||
0x000A, /* wRPCID */
|
||||
0x00000B48, /* cbMaxToken */
|
||||
"NTLM", /* Name */
|
||||
"NTLM Security Package" /* Comment */
|
||||
};
|
||||
|
||||
const SECURITY_FUNCTION_TABLE NTLM_SECURITY_FUNCTION_TABLE =
|
||||
{
|
||||
1, /* dwVersion */
|
||||
NULL, /* EnumerateSecurityPackages */
|
||||
NULL, /* Reserved1 */
|
||||
NULL, /* QueryCredentialsAttributes */
|
||||
ntlm_AcquireCredentialsHandle, /* AcquireCredentialsHandle */
|
||||
NULL, /* FreeCredentialsHandle */
|
||||
NULL, /* Reserved2 */
|
||||
NULL, /* InitializeSecurityContext */
|
||||
NULL, /* AcceptSecurityContext */
|
||||
NULL, /* CompleteAuthToken */
|
||||
NULL, /* DeleteSecurityContext */
|
||||
NULL, /* ApplyControlToken */
|
||||
NULL, /* QueryContextAttributes */
|
||||
NULL, /* ImpersonateSecurityContext */
|
||||
NULL, /* RevertSecurityContext */
|
||||
NULL, /* MakeSignature */
|
||||
NULL, /* VerifySignature */
|
||||
NULL, /* FreeContextBuffer */
|
||||
NULL, /* QuerySecurityPackageInfo */
|
||||
NULL, /* Reserved3 */
|
||||
NULL, /* Reserved4 */
|
||||
NULL, /* ExportSecurityContext */
|
||||
NULL, /* ImportSecurityContext */
|
||||
NULL, /* AddCredentials */
|
||||
NULL, /* Reserved8 */
|
||||
NULL, /* QuerySecurityContextToken */
|
||||
NULL, /* EncryptMessage */
|
||||
NULL, /* DecryptMessage */
|
||||
NULL, /* SetContextAttributes */
|
||||
};
|
||||
|
|
|
@ -21,6 +21,8 @@
|
|||
|
||||
#include <freerdp/auth/sspi.h>
|
||||
|
||||
#include "sspi.h"
|
||||
|
||||
/* Authentication Functions: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731/ */
|
||||
|
||||
extern const SEC_PKG_INFO NTLM_SEC_PKG_INFO;
|
||||
|
@ -52,6 +54,91 @@ const SECURITY_FUNCTION_TABLE_NAME SECURITY_FUNCTION_TABLE_NAME_LIST[] =
|
|||
#define SEC_HANDLE_LOWER_MAX 0xFFFFFFFF
|
||||
#define SEC_HANDLE_UPPER_MAX 0xFFFFFFFE
|
||||
|
||||
CREDENTIALS* sspi_CredentialsNew()
|
||||
{
|
||||
CREDENTIALS* credentials;
|
||||
|
||||
credentials = xnew(CREDENTIALS);
|
||||
|
||||
if (credentials != NULL)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
return credentials;
|
||||
}
|
||||
|
||||
void sspi_CredentialsFree(CREDENTIALS* credentials)
|
||||
{
|
||||
if (!credentials)
|
||||
return;
|
||||
|
||||
xfree(credentials);
|
||||
}
|
||||
|
||||
SEC_HANDLE* sspi_SecureHandleAlloc()
|
||||
{
|
||||
SEC_HANDLE* handle = xmalloc(sizeof(SEC_HANDLE));
|
||||
memset(handle, 0xFF, sizeof(SEC_HANDLE));
|
||||
return handle;
|
||||
}
|
||||
|
||||
void sspi_SecureHandleInvalidate(SEC_HANDLE* handle)
|
||||
{
|
||||
if (!handle)
|
||||
return;
|
||||
|
||||
memset(handle, 0xFF, sizeof(SEC_HANDLE));
|
||||
}
|
||||
|
||||
void* sspi_SecureHandleGetLowerPointer(SEC_HANDLE* handle)
|
||||
{
|
||||
void* pointer;
|
||||
|
||||
if (!handle)
|
||||
return NULL;
|
||||
|
||||
pointer = (void*) ~((size_t) handle->dwLower);
|
||||
|
||||
return pointer;
|
||||
}
|
||||
|
||||
void sspi_SecureHandleSetLowerPointer(SEC_HANDLE* handle, void* pointer)
|
||||
{
|
||||
if (!handle)
|
||||
return;
|
||||
|
||||
handle->dwLower = (uint32*) (~((size_t) pointer));
|
||||
}
|
||||
|
||||
void* sspi_SecureHandleGetUpperPointer(SEC_HANDLE* handle)
|
||||
{
|
||||
void* pointer;
|
||||
|
||||
if (!handle)
|
||||
return NULL;
|
||||
|
||||
pointer = (void*) ~((size_t) handle->dwUpper);
|
||||
|
||||
return pointer;
|
||||
}
|
||||
|
||||
void sspi_SecureHandleSetUpperPointer(SEC_HANDLE* handle, void* pointer)
|
||||
{
|
||||
if (!handle)
|
||||
return;
|
||||
|
||||
handle->dwUpper = (uint32*) (~((size_t) pointer));
|
||||
}
|
||||
|
||||
void sspi_SecureHandleFree(SEC_HANDLE* handle)
|
||||
{
|
||||
if (!handle)
|
||||
return;
|
||||
|
||||
xfree(handle);
|
||||
}
|
||||
|
||||
SECURITY_FUNCTION_TABLE* sspi_GetSecurityFunctionTableByName(const char* Name)
|
||||
{
|
||||
int index;
|
||||
|
@ -228,6 +315,18 @@ SECURITY_STATUS ExportSecurityContext(CTXT_HANDLE* phContext, uint32 fFlags, SEC
|
|||
|
||||
SECURITY_STATUS FreeCredentialsHandle(CRED_HANDLE* phCredential)
|
||||
{
|
||||
CREDENTIALS* credentials;
|
||||
|
||||
if (!phCredential)
|
||||
return SEC_E_INVALID_HANDLE;
|
||||
|
||||
credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
|
||||
|
||||
if (!credentials)
|
||||
return SEC_E_INVALID_HANDLE;
|
||||
|
||||
sspi_CredentialsFree(credentials);
|
||||
|
||||
return SEC_E_OK;
|
||||
}
|
||||
|
||||
|
@ -238,7 +337,23 @@ SECURITY_STATUS ImportSecurityContext(char* pszPackage, SEC_BUFFER* pPackedConte
|
|||
|
||||
SECURITY_STATUS QueryCredentialsAttributes(CRED_HANDLE* phCredential, uint32 ulAttribute, void* pBuffer)
|
||||
{
|
||||
return SEC_E_OK;
|
||||
char* Name;
|
||||
SECURITY_STATUS status;
|
||||
SECURITY_FUNCTION_TABLE* table;
|
||||
|
||||
Name = (char*) sspi_SecureHandleGetUpperPointer(phCredential);
|
||||
|
||||
if (!Name)
|
||||
return SEC_E_SECPKG_NOT_FOUND;
|
||||
|
||||
table = sspi_GetSecurityFunctionTableByName(Name);
|
||||
|
||||
if (!table)
|
||||
return SEC_E_SECPKG_NOT_FOUND;
|
||||
|
||||
status = table->QueryCredentialsAttributes(phCredential, ulAttribute, pBuffer);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
/* Context Management */
|
||||
|
@ -283,7 +398,25 @@ SECURITY_STATUS InitializeSecurityContext(CRED_HANDLE* phCredential, CTXT_HANDLE
|
|||
SEC_BUFFER_DESC* pInput, uint32 Reserved2, CTXT_HANDLE* phNewContext,
|
||||
SEC_BUFFER_DESC* pOutput, uint32* pfContextAttr, SEC_TIMESTAMP* ptsExpiry)
|
||||
{
|
||||
return SEC_E_OK;
|
||||
char* Name;
|
||||
SECURITY_STATUS status;
|
||||
SECURITY_FUNCTION_TABLE* table;
|
||||
|
||||
Name = (char*) sspi_SecureHandleGetUpperPointer(phCredential);
|
||||
|
||||
if (!Name)
|
||||
return SEC_E_SECPKG_NOT_FOUND;
|
||||
|
||||
table = sspi_GetSecurityFunctionTableByName(Name);
|
||||
|
||||
if (!table)
|
||||
return SEC_E_SECPKG_NOT_FOUND;
|
||||
|
||||
status = table->InitializeSecurityContext(phCredential, phContext,
|
||||
pszTargetName, fContextReq, Reserved1, TargetDataRep,
|
||||
pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
SECURITY_STATUS QueryContextAttributes(CTXT_HANDLE* phContext, uint32 ulAttribute, void* pBuffer)
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
/**
|
||||
* FreeRDP: A Remote Desktop Protocol Implementation
|
||||
* Security Support Provider Interface (SSPI)
|
||||
*
|
||||
* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef FREERDP_AUTH_SSPI_PRIVATE_H
|
||||
#define FREERDP_AUTH_SSPI_PRIVATE_H
|
||||
|
||||
#include <freerdp/types.h>
|
||||
#include <freerdp/auth/sspi.h>
|
||||
|
||||
struct _CREDENTIALS
|
||||
{
|
||||
SEC_AUTH_IDENTITY identity;
|
||||
};
|
||||
typedef struct _CREDENTIALS CREDENTIALS;
|
||||
|
||||
CREDENTIALS* sspi_CredentialsNew();
|
||||
void sspi_CredentialsFree(CREDENTIALS* credentials);
|
||||
|
||||
SEC_HANDLE* sspi_SecureHandleAlloc();
|
||||
void sspi_SecureHandleInvalidate(SEC_HANDLE* handle);
|
||||
void* sspi_SecureHandleGetLowerPointer(SEC_HANDLE* handle);
|
||||
void sspi_SecureHandleSetLowerPointer(SEC_HANDLE* handle, void* pointer);
|
||||
void* sspi_SecureHandleGetUpperPointer(SEC_HANDLE* handle);
|
||||
void sspi_SecureHandleSetUpperPointer(SEC_HANDLE* handle, void* pointer);
|
||||
void sspi_SecureHandleFree(SEC_HANDLE* handle);
|
||||
|
||||
#endif /* FREERDP_AUTH_SSPI_PRIVATE_H */
|
Loading…
Reference in New Issue