libfreerdp-auth: split NTLM package, implement AcquireCredentialsHandle

2012-02-23 15:56:50 -05:00 · 2012-02-23 15:56:50 -05:00 · 1e2b0be24a
parent 545c8857e3
commit 1e2b0be24a
9 changed files with 556 additions and 71 deletions
--- a/cunit/test_sspi.c
+++ b/cunit/test_sspi.c
@ -44,6 +44,7 @@ int add_sspi_suite(void)
 	add_test_function(EnumerateSecurityPackages);
 	add_test_function(QuerySecurityPackageInfo);
 	add_test_function(AcquireCredentialsHandle);
+	add_test_function(InitializeSecurityContext);

 	return 0;
 }
@ -95,6 +96,7 @@ void test_AcquireCredentialsHandle(void)
 	SEC_TIMESTAMP expiration;
 	SEC_AUTH_IDENTITY identity;
 	SECURITY_FUNCTION_TABLE* table;
+	SEC_PKG_CREDENTIALS_NAMES credential_names;

 	table = InitSecurityInterface();

@ -111,24 +113,45 @@ void test_AcquireCredentialsHandle(void)

 	if (status == SEC_E_OK)
 	{
+		status = table->QueryCredentialsAttributes(&credentials, SECPKG_CRED_ATTR_NAMES, &credential_names);

+		if (status == SEC_E_OK)
+		{
+			printf("\nQueryCredentialsAttributes: %s\n", credential_names.sUserName);
+		}
 	}
 }

+void test_InitializeSecurityContext(void)
+{
+	uint32 fContextReq;
+	CTXT_HANDLE context;
+	uint32 pfContextAttr;
+	SECURITY_STATUS status;
+	CRED_HANDLE credentials;
+	SEC_TIMESTAMP expiration;
+	SEC_AUTH_IDENTITY identity;
+	SECURITY_FUNCTION_TABLE* table;
+	SEC_BUFFER_DESC sec_output_buffer;

+	table = InitSecurityInterface();

+	identity.User = (uint16*) xstrdup(test_User);
+	identity.UserLength = sizeof(test_User);
+	identity.Domain = (uint16*) xstrdup(test_Domain);
+	identity.DomainLength = sizeof(test_Domain);
+	identity.Password = (uint16*) xstrdup(test_Password);
+	identity.PasswordLength = sizeof(test_Password);
+	identity.Flags = SEC_AUTH_IDENTITY_ANSI;

+	status = table->AcquireCredentialsHandle(NULL, NTLM_PACKAGE_NAME,
+			SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration);

+	if (status == SEC_E_OK)
+	{
+		fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_DELEGATE;

-
-
-
-
-
-
-
-
-
-
-
-
+		table->InitializeSecurityContext(&credentials, NULL, NULL, fContextReq, 0, 0, NULL, 0,
+				&context, &sec_output_buffer, &pfContextAttr, &expiration);
+	}
+}
--- a/cunit/test_sspi.h
+++ b/cunit/test_sspi.h
@ -26,3 +26,4 @@ int add_sspi_suite(void);
 void test_EnumerateSecurityPackages(void);
 void test_QuerySecurityPackageInfo(void);
 void test_AcquireCredentialsHandle(void);
+void test_InitializeSecurityContext(void);
--- a/include/freerdp/auth/sspi.h
+++ b/include/freerdp/auth/sspi.h
@ -142,6 +142,154 @@ typedef uint32 SECURITY_STATUS;
 #define SECPKG_CRED_AUTOLOGON_RESTRICTED	0x00000010
 #define SECPKG_CRED_PROCESS_POLICY_ONLY		0x00000020

+/* Security Context Attributes */
+
+#define SECPKG_ATTR_SIZES				0
+#define SECPKG_ATTR_NAMES				1
+#define SECPKG_ATTR_LIFESPAN				2
+#define SECPKG_ATTR_DCE_INFO				3
+#define SECPKG_ATTR_STREAM_SIZES			4
+#define SECPKG_ATTR_KEY_INFO				5
+#define SECPKG_ATTR_AUTHORITY				6
+#define SECPKG_ATTR_PROTO_INFO				7
+#define SECPKG_ATTR_PASSWORD_EXPIRY			8
+#define SECPKG_ATTR_SESSION_KEY				9
+#define SECPKG_ATTR_PACKAGE_INFO			10
+#define SECPKG_ATTR_USER_FLAGS				11
+#define SECPKG_ATTR_NEGOTIATION_INFO			12
+#define SECPKG_ATTR_NATIVE_NAMES			13
+#define SECPKG_ATTR_FLAGS				14
+#define SECPKG_ATTR_USE_VALIDATED			15
+#define SECPKG_ATTR_CREDENTIAL_NAME			16
+#define SECPKG_ATTR_TARGET_INFORMATION			17
+#define SECPKG_ATTR_ACCESS_TOKEN			18
+#define SECPKG_ATTR_TARGET				19
+#define SECPKG_ATTR_AUTHENTICATION_ID			20
+#define SECPKG_ATTR_LOGOFF_TIME				21
+#define SECPKG_ATTR_NEGO_KEYS				22
+#define SECPKG_ATTR_PROMPTING_NEEDED			24
+#define SECPKG_ATTR_UNIQUE_BINDINGS			25
+#define SECPKG_ATTR_ENDPOINT_BINDINGS			26
+#define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET		27
+#define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS		30
+#define SECPKG_ATTR_NEGO_PKG_INFO			31
+#define SECPKG_ATTR_NEGO_STATUS				32
+#define SECPKG_ATTR_CONTEXT_DELETED			33
+
+/* Security Credentials Attributes */
+
+#define SECPKG_CRED_ATTR_NAMES				1
+
+struct _SEC_PKG_CREDENTIALS_NAMES
+{
+	char* sUserName;
+};
+typedef struct _SEC_PKG_CREDENTIALS_NAMES SEC_PKG_CREDENTIALS_NAMES;
+
+/* InitializeSecurityContext Flags */
+
+#define ISC_REQ_DELEGATE			0x00000001
+#define ISC_REQ_MUTUAL_AUTH			0x00000002
+#define ISC_REQ_REPLAY_DETECT			0x00000004
+#define ISC_REQ_SEQUENCE_DETECT			0x00000008
+#define ISC_REQ_CONFIDENTIALITY			0x00000010
+#define ISC_REQ_USE_SESSION_KEY			0x00000020
+#define ISC_REQ_PROMPT_FOR_CREDS		0x00000040
+#define ISC_REQ_USE_SUPPLIED_CREDS		0x00000080
+#define ISC_REQ_ALLOCATE_MEMORY			0x00000100
+#define ISC_REQ_USE_DCE_STYLE			0x00000200
+#define ISC_REQ_DATAGRAM			0x00000400
+#define ISC_REQ_CONNECTION			0x00000800
+#define ISC_REQ_CALL_LEVEL			0x00001000
+#define ISC_REQ_FRAGMENT_SUPPLIED		0x00002000
+#define ISC_REQ_EXTENDED_ERROR			0x00004000
+#define ISC_REQ_STREAM				0x00008000
+#define ISC_REQ_INTEGRITY			0x00010000
+#define ISC_REQ_IDENTIFY			0x00020000
+#define ISC_REQ_NULL_SESSION			0x00040000
+#define ISC_REQ_MANUAL_CRED_VALIDATION		0x00080000
+#define ISC_REQ_RESERVED1			0x00100000
+#define ISC_REQ_FRAGMENT_TO_FIT			0x00200000
+#define ISC_REQ_FORWARD_CREDENTIALS		0x00400000
+#define ISC_REQ_NO_INTEGRITY			0x00800000
+#define ISC_REQ_USE_HTTP_STYLE			0x01000000
+
+#define ISC_RET_DELEGATE			0x00000001
+#define ISC_RET_MUTUAL_AUTH			0x00000002
+#define ISC_RET_REPLAY_DETECT			0x00000004
+#define ISC_RET_SEQUENCE_DETECT			0x00000008
+#define ISC_RET_CONFIDENTIALITY			0x00000010
+#define ISC_RET_USE_SESSION_KEY			0x00000020
+#define ISC_RET_USED_COLLECTED_CREDS		0x00000040
+#define ISC_RET_USED_SUPPLIED_CREDS		0x00000080
+#define ISC_RET_ALLOCATED_MEMORY		0x00000100
+#define ISC_RET_USED_DCE_STYLE			0x00000200
+#define ISC_RET_DATAGRAM			0x00000400
+#define ISC_RET_CONNECTION			0x00000800
+#define ISC_RET_INTERMEDIATE_RETURN		0x00001000
+#define ISC_RET_CALL_LEVEL			0x00002000
+#define ISC_RET_EXTENDED_ERROR			0x00004000
+#define ISC_RET_STREAM				0x00008000
+#define ISC_RET_INTEGRITY			0x00010000
+#define ISC_RET_IDENTIFY			0x00020000
+#define ISC_RET_NULL_SESSION			0x00040000
+#define ISC_RET_MANUAL_CRED_VALIDATION		0x00080000
+#define ISC_RET_RESERVED1			0x00100000
+#define ISC_RET_FRAGMENT_ONLY			0x00200000
+#define ISC_RET_FORWARD_CREDENTIALS		0x00400000
+#define ISC_RET_USED_HTTP_STYLE			0x01000000
+
+/* AcceptSecurityContext Flags */
+
+#define ASC_REQ_DELEGATE			0x00000001
+#define ASC_REQ_MUTUAL_AUTH			0x00000002
+#define ASC_REQ_REPLAY_DETECT			0x00000004
+#define ASC_REQ_SEQUENCE_DETECT			0x00000008
+#define ASC_REQ_CONFIDENTIALITY			0x00000010
+#define ASC_REQ_USE_SESSION_KEY			0x00000020
+#define ASC_REQ_ALLOCATE_MEMORY			0x00000100
+#define ASC_REQ_USE_DCE_STYLE			0x00000200
+#define ASC_REQ_DATAGRAM			0x00000400
+#define ASC_REQ_CONNECTION			0x00000800
+#define ASC_REQ_CALL_LEVEL			0x00001000
+#define ASC_REQ_EXTENDED_ERROR			0x00008000
+#define ASC_REQ_STREAM				0x00010000
+#define ASC_REQ_INTEGRITY			0x00020000
+#define ASC_REQ_LICENSING			0x00040000
+#define ASC_REQ_IDENTIFY			0x00080000
+#define ASC_REQ_ALLOW_NULL_SESSION		0x00100000
+#define ASC_REQ_ALLOW_NON_USER_LOGONS		0x00200000
+#define ASC_REQ_ALLOW_CONTEXT_REPLAY		0x00400000
+#define ASC_REQ_FRAGMENT_TO_FIT			0x00800000
+#define ASC_REQ_FRAGMENT_SUPPLIED		0x00002000
+#define ASC_REQ_NO_TOKEN			0x01000000
+#define ASC_REQ_PROXY_BINDINGS			0x04000000
+#define ASC_REQ_ALLOW_MISSING_BINDINGS		0x10000000
+
+#define ASC_RET_DELEGATE			0x00000001
+#define ASC_RET_MUTUAL_AUTH			0x00000002
+#define ASC_RET_REPLAY_DETECT			0x00000004
+#define ASC_RET_SEQUENCE_DETECT			0x00000008
+#define ASC_RET_CONFIDENTIALITY			0x00000010
+#define ASC_RET_USE_SESSION_KEY			0x00000020
+#define ASC_RET_ALLOCATED_MEMORY		0x00000100
+#define ASC_RET_USED_DCE_STYLE			0x00000200
+#define ASC_RET_DATAGRAM			0x00000400
+#define ASC_RET_CONNECTION			0x00000800
+#define ASC_RET_CALL_LEVEL			0x00002000
+#define ASC_RET_THIRD_LEG_FAILED		0x00004000
+#define ASC_RET_EXTENDED_ERROR			0x00008000
+#define ASC_RET_STREAM				0x00010000
+#define ASC_RET_INTEGRITY			0x00020000
+#define ASC_RET_LICENSING			0x00040000
+#define ASC_RET_IDENTIFY			0x00080000
+#define ASC_RET_NULL_SESSION			0x00100000
+#define ASC_RET_ALLOW_NON_USER_LOGONS		0x00200000
+#define ASC_RET_FRAGMENT_ONLY			0x00800000
+#define ASC_RET_NO_TOKEN			0x01000000
+#define ASC_RET_NO_PROXY_BINDINGS		0x04000000
+#define ASC_RET_MISSING_BINDINGS		0x10000000
+
 struct _SEC_PKG_INFO
 {
 	uint32 fCapabilities;
--- a/libfreerdp-auth/CMakeLists.txt
+++ b/libfreerdp-auth/CMakeLists.txt
@ -18,7 +18,10 @@
 # limitations under the License.

 set(FREERDP_AUTH_SRCS
+	NTLM/ntlm.c
+	NTLM/ntlm.h
 	sspi.c
+	sspi.h
 	credssp.c
 	ntlmssp.c)

--- a/libfreerdp-auth/NTLM/ntlm.c
+++ b/libfreerdp-auth/NTLM/ntlm.c
@ -0,0 +1,157 @@
+/**
+ * FreeRDP: A Remote Desktop Protocol Implementation
+ * NTLM Security Package
+ *
+ * Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <time.h>
+#include <openssl/des.h>
+#include <openssl/md4.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/engine.h>
+#include <freerdp/utils/memory.h>
+
+#include <freerdp/auth/sspi.h>
+#include <freerdp/auth/credssp.h>
+
+#include "ntlm.h"
+#include "../sspi.h"
+
+char* NTLM_PACKAGE_NAME = "NTLM";
+
+NTLM_CONTEXT* ntlm_ContextNew()
+{
+	NTLM_CONTEXT* context;
+
+	context = xnew(NTLM_CONTEXT);
+
+	if (context != NULL)
+	{
+
+	}
+
+	return context;
+}
+
+void ntlm_ContextFree(NTLM_CONTEXT* context)
+{
+	if (!context)
+		return;
+
+	xfree(context);
+}
+
+SECURITY_STATUS ntlm_AcquireCredentialsHandle(char* pszPrincipal, char* pszPackage,
+		uint32 fCredentialUse, void* pvLogonID, void* pAuthData, void* pGetKeyFn,
+		void* pvGetKeyArgument, CRED_HANDLE* phCredential, SEC_TIMESTAMP* ptsExpiry)
+{
+	CREDENTIALS* credentials;
+	SEC_AUTH_IDENTITY* identity;
+
+	if (fCredentialUse == SECPKG_CRED_OUTBOUND)
+	{
+		credentials = sspi_CredentialsNew();
+		identity = (SEC_AUTH_IDENTITY*) pAuthData;
+
+		memcpy(&(credentials->identity), identity, sizeof(SEC_AUTH_IDENTITY));
+
+		sspi_SecureHandleSetLowerPointer(phCredential, (void*) credentials);
+		sspi_SecureHandleSetUpperPointer(phCredential, (void*) NTLM_PACKAGE_NAME);
+
+		return SEC_E_OK;
+	}
+
+	return SEC_E_OK;
+}
+
+SECURITY_STATUS ntlm_QueryCredentialsAttributes(CRED_HANDLE* phCredential, uint32 ulAttribute, void* pBuffer)
+{
+	if (ulAttribute == SECPKG_CRED_ATTR_NAMES)
+	{
+		CREDENTIALS* credentials;
+		SEC_PKG_CREDENTIALS_NAMES* credential_names = (SEC_PKG_CREDENTIALS_NAMES*) pBuffer;
+
+		credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
+
+		if (credentials->identity.Flags == SEC_AUTH_IDENTITY_ANSI)
+			credential_names->sUserName = xstrdup((char*) credentials->identity.User);
+
+		return SEC_E_OK;
+	}
+
+	return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375512/ */
+
+SECURITY_STATUS ntlm_InitializeSecurityContext(CRED_HANDLE* phCredential, CTXT_HANDLE* phContext,
+		char* pszTargetName, uint32 fContextReq, uint32 Reserved1, uint32 TargetDataRep,
+		SEC_BUFFER_DESC* pInput, uint32 Reserved2, CTXT_HANDLE* phNewContext,
+		SEC_BUFFER_DESC* pOutput, uint32* pfContextAttr, SEC_TIMESTAMP* ptsExpiry)
+{
+	return SEC_E_OK;
+}
+
+/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa379337/ */
+
+SECURITY_STATUS ntlm_QueryContextAttributes(CTXT_HANDLE* phContext, uint32 ulAttribute, void* pBuffer)
+{
+	return SEC_E_OK;
+}
+
+const SEC_PKG_INFO NTLM_SEC_PKG_INFO =
+{
+	0x00082B37, /* fCapabilities */
+	1, /* wVersion */
+	0x000A, /* wRPCID */
+	0x00000B48, /* cbMaxToken */
+	"NTLM", /* Name */
+	"NTLM Security Package" /* Comment */
+};
+
+const SECURITY_FUNCTION_TABLE NTLM_SECURITY_FUNCTION_TABLE =
+{
+	1, /* dwVersion */
+	NULL, /* EnumerateSecurityPackages */
+	NULL, /* Reserved1 */
+	ntlm_QueryCredentialsAttributes, /* QueryCredentialsAttributes */
+	ntlm_AcquireCredentialsHandle, /* AcquireCredentialsHandle */
+	NULL, /* FreeCredentialsHandle */
+	NULL, /* Reserved2 */
+	ntlm_InitializeSecurityContext, /* InitializeSecurityContext */
+	NULL, /* AcceptSecurityContext */
+	NULL, /* CompleteAuthToken */
+	NULL, /* DeleteSecurityContext */
+	NULL, /* ApplyControlToken */
+	ntlm_QueryContextAttributes, /* QueryContextAttributes */
+	NULL, /* ImpersonateSecurityContext */
+	NULL, /* RevertSecurityContext */
+	NULL, /* MakeSignature */
+	NULL, /* VerifySignature */
+	NULL, /* FreeContextBuffer */
+	NULL, /* QuerySecurityPackageInfo */
+	NULL, /* Reserved3 */
+	NULL, /* Reserved4 */
+	NULL, /* ExportSecurityContext */
+	NULL, /* ImportSecurityContext */
+	NULL, /* AddCredentials */
+	NULL, /* Reserved8 */
+	NULL, /* QuerySecurityContextToken */
+	NULL, /* EncryptMessage */
+	NULL, /* DecryptMessage */
+	NULL, /* SetContextAttributes */
+};
--- a/libfreerdp-auth/NTLM/ntlm.h
+++ b/libfreerdp-auth/NTLM/ntlm.h
@ -0,0 +1,32 @@
+/**
+ * FreeRDP: A Remote Desktop Protocol Implementation
+ * NTLM Security Package
+ *
+ * Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <freerdp/auth/sspi.h>
+#include <freerdp/auth/credssp.h>
+
+#ifndef FREERDP_AUTH_NTLM_PRIVATE_H
+#define FREERDP_AUTH_NTLM_PRIVATE_H
+
+struct _NTLM_CONTEXT
+{
+	SEC_AUTH_IDENTITY identity;
+};
+typedef struct _NTLM_CONTEXT NTLM_CONTEXT;
+
+#endif /* FREERDP_AUTH_NTLM_PRIVATE_H */
--- a/libfreerdp-auth/ntlmssp.c
+++ b/libfreerdp-auth/ntlmssp.c
@ -28,6 +28,8 @@
 #include <freerdp/auth/sspi.h>
 #include <freerdp/auth/credssp.h>

+#include "sspi.h"
+
 #include <freerdp/auth/ntlmssp.h>

 #define NTLMSSP_NEGOTIATE_56					0x80000000 /* W   (0) */
@ -2224,60 +2226,3 @@ void ntlmssp_free(NTLMSSP* ntlmssp)
 		crypto_rc4_free(ntlmssp->recv_rc4_seal);
 	xfree(ntlmssp);
 }
-
-/* SSPI */
-
-SECURITY_STATUS ntlm_AcquireCredentialsHandle(char* pszPrincipal, char* pszPackage,
-		uint32 fCredentialUse, void* pvLogonID, void* pAuthData, void* pGetKeyFn,
-		void* pvGetKeyArgument, CRED_HANDLE* phCredential, SEC_TIMESTAMP* ptsExpiry)
-{
-	if (fCredentialUse == SECPKG_CRED_OUTBOUND)
-	{
-
-	}
-
-	return SEC_E_OK;
-}
-
-const SEC_PKG_INFO NTLM_SEC_PKG_INFO =
-{
-	0x00082B37, /* fCapabilities */
-	1, /* wVersion */
-	0x000A, /* wRPCID */
-	0x00000B48, /* cbMaxToken */
-	"NTLM", /* Name */
-	"NTLM Security Package" /* Comment */
-};
-
-const SECURITY_FUNCTION_TABLE NTLM_SECURITY_FUNCTION_TABLE =
-{
-	1, /* dwVersion */
-	NULL, /* EnumerateSecurityPackages */
-	NULL, /* Reserved1 */
-	NULL, /* QueryCredentialsAttributes */
-	ntlm_AcquireCredentialsHandle, /* AcquireCredentialsHandle */
-	NULL, /* FreeCredentialsHandle */
-	NULL, /* Reserved2 */
-	NULL, /* InitializeSecurityContext */
-	NULL, /* AcceptSecurityContext */
-	NULL, /* CompleteAuthToken */
-	NULL, /* DeleteSecurityContext */
-	NULL, /* ApplyControlToken */
-	NULL, /* QueryContextAttributes */
-	NULL, /* ImpersonateSecurityContext */
-	NULL, /* RevertSecurityContext */
-	NULL, /* MakeSignature */
-	NULL, /* VerifySignature */
-	NULL, /* FreeContextBuffer */
-	NULL, /* QuerySecurityPackageInfo */
-	NULL, /* Reserved3 */
-	NULL, /* Reserved4 */
-	NULL, /* ExportSecurityContext */
-	NULL, /* ImportSecurityContext */
-	NULL, /* AddCredentials */
-	NULL, /* Reserved8 */
-	NULL, /* QuerySecurityContextToken */
-	NULL, /* EncryptMessage */
-	NULL, /* DecryptMessage */
-	NULL, /* SetContextAttributes */
-};
--- a/libfreerdp-auth/sspi.c
+++ b/libfreerdp-auth/sspi.c
@ -21,6 +21,8 @@

 #include <freerdp/auth/sspi.h>

+#include "sspi.h"
+
 /* Authentication Functions: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731/ */

 extern const SEC_PKG_INFO NTLM_SEC_PKG_INFO;
@ -52,6 +54,91 @@ const SECURITY_FUNCTION_TABLE_NAME SECURITY_FUNCTION_TABLE_NAME_LIST[] =
 #define SEC_HANDLE_LOWER_MAX	0xFFFFFFFF
 #define SEC_HANDLE_UPPER_MAX	0xFFFFFFFE

+CREDENTIALS* sspi_CredentialsNew()
+{
+	CREDENTIALS* credentials;
+
+	credentials = xnew(CREDENTIALS);
+
+	if (credentials != NULL)
+	{
+
+	}
+
+	return credentials;
+}
+
+void sspi_CredentialsFree(CREDENTIALS* credentials)
+{
+	if (!credentials)
+		return;
+
+	xfree(credentials);
+}
+
+SEC_HANDLE* sspi_SecureHandleAlloc()
+{
+	SEC_HANDLE* handle = xmalloc(sizeof(SEC_HANDLE));
+	memset(handle, 0xFF, sizeof(SEC_HANDLE));
+	return handle;
+}
+
+void sspi_SecureHandleInvalidate(SEC_HANDLE* handle)
+{
+	if (!handle)
+		return;
+
+	memset(handle, 0xFF, sizeof(SEC_HANDLE));
+}
+
+void* sspi_SecureHandleGetLowerPointer(SEC_HANDLE* handle)
+{
+	void* pointer;
+
+	if (!handle)
+		return NULL;
+
+	pointer = (void*) ~((size_t) handle->dwLower);
+
+	return pointer;
+}
+
+void sspi_SecureHandleSetLowerPointer(SEC_HANDLE* handle, void* pointer)
+{
+	if (!handle)
+		return;
+
+	handle->dwLower = (uint32*) (~((size_t) pointer));
+}
+
+void* sspi_SecureHandleGetUpperPointer(SEC_HANDLE* handle)
+{
+	void* pointer;
+
+	if (!handle)
+		return NULL;
+
+	pointer = (void*) ~((size_t) handle->dwUpper);
+
+	return pointer;
+}
+
+void sspi_SecureHandleSetUpperPointer(SEC_HANDLE* handle, void* pointer)
+{
+	if (!handle)
+		return;
+
+	handle->dwUpper = (uint32*) (~((size_t) pointer));
+}
+
+void sspi_SecureHandleFree(SEC_HANDLE* handle)
+{
+	if (!handle)
+		return;
+
+	xfree(handle);
+}
+
 SECURITY_FUNCTION_TABLE* sspi_GetSecurityFunctionTableByName(const char* Name)
 {
 	int index;
@ -228,6 +315,18 @@ SECURITY_STATUS ExportSecurityContext(CTXT_HANDLE* phContext, uint32 fFlags, SEC

 SECURITY_STATUS FreeCredentialsHandle(CRED_HANDLE* phCredential)
 {
+	CREDENTIALS* credentials;
+
+	if (!phCredential)
+		return SEC_E_INVALID_HANDLE;
+
+	credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
+
+	if (!credentials)
+		return SEC_E_INVALID_HANDLE;
+
+	sspi_CredentialsFree(credentials);
+
 	return SEC_E_OK;
 }

@ -238,7 +337,23 @@ SECURITY_STATUS ImportSecurityContext(char* pszPackage, SEC_BUFFER* pPackedConte

 SECURITY_STATUS QueryCredentialsAttributes(CRED_HANDLE* phCredential, uint32 ulAttribute, void* pBuffer)
 {
-	return SEC_E_OK;
+	char* Name;
+	SECURITY_STATUS status;
+	SECURITY_FUNCTION_TABLE* table;
+
+	Name = (char*) sspi_SecureHandleGetUpperPointer(phCredential);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableByName(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	status = table->QueryCredentialsAttributes(phCredential, ulAttribute, pBuffer);
+
+	return status;
 }

 /* Context Management */
@ -283,7 +398,25 @@ SECURITY_STATUS InitializeSecurityContext(CRED_HANDLE* phCredential, CTXT_HANDLE
 		SEC_BUFFER_DESC* pInput, uint32 Reserved2, CTXT_HANDLE* phNewContext,
 		SEC_BUFFER_DESC* pOutput, uint32* pfContextAttr, SEC_TIMESTAMP* ptsExpiry)
 {
-	return SEC_E_OK;
+	char* Name;
+	SECURITY_STATUS status;
+	SECURITY_FUNCTION_TABLE* table;
+
+	Name = (char*) sspi_SecureHandleGetUpperPointer(phCredential);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableByName(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	status = table->InitializeSecurityContext(phCredential, phContext,
+			pszTargetName, fContextReq, Reserved1, TargetDataRep,
+			pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
+
+	return status;
 }

 SECURITY_STATUS QueryContextAttributes(CTXT_HANDLE* phContext, uint32 ulAttribute, void* pBuffer)
--- a/libfreerdp-auth/sspi.h
+++ b/libfreerdp-auth/sspi.h
@ -0,0 +1,43 @@
+/**
+ * FreeRDP: A Remote Desktop Protocol Implementation
+ * Security Support Provider Interface (SSPI)
+ *
+ * Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FREERDP_AUTH_SSPI_PRIVATE_H
+#define FREERDP_AUTH_SSPI_PRIVATE_H
+
+#include <freerdp/types.h>
+#include <freerdp/auth/sspi.h>
+
+struct _CREDENTIALS
+{
+	SEC_AUTH_IDENTITY identity;
+};
+typedef struct _CREDENTIALS CREDENTIALS;
+
+CREDENTIALS* sspi_CredentialsNew();
+void sspi_CredentialsFree(CREDENTIALS* credentials);
+
+SEC_HANDLE* sspi_SecureHandleAlloc();
+void sspi_SecureHandleInvalidate(SEC_HANDLE* handle);
+void* sspi_SecureHandleGetLowerPointer(SEC_HANDLE* handle);
+void sspi_SecureHandleSetLowerPointer(SEC_HANDLE* handle, void* pointer);
+void* sspi_SecureHandleGetUpperPointer(SEC_HANDLE* handle);
+void sspi_SecureHandleSetUpperPointer(SEC_HANDLE* handle, void* pointer);
+void sspi_SecureHandleFree(SEC_HANDLE* handle);
+
+#endif /* FREERDP_AUTH_SSPI_PRIVATE_H */