libfreerdp-auth: added QueryContextAttributes structure definitions

include/freerdp/auth/sspi.h

@@ -23,6 +23,26 @@
 #include <freerdp/api.h>
 #include <freerdp/types.h>
 
+struct _SEC_INTEGER
+{
+	uint32 LowPart;
+	sint32 HighPart;
+};
+typedef struct _SEC_INTEGER SEC_INTEGER;
+
+typedef SEC_INTEGER SEC_TIMESTAMP;
+
+struct _SEC_PKG_INFO
+{
+	uint32 fCapabilities;
+	uint16 wVersion;
+	uint16 wRPCID;
+	uint32 cbMaxToken;
+	char* Name;
+	char* Comment;
+};
+typedef struct _SEC_PKG_INFO SEC_PKG_INFO;
+
 #define SECPKG_ID_NONE				0xFFFF
 
 #define SECPKG_FLAG_INTEGRITY			0x00000001
@@ -179,6 +199,196 @@ typedef uint32 SECURITY_STATUS;
 #define SECPKG_ATTR_NEGO_STATUS				32
 #define SECPKG_ATTR_CONTEXT_DELETED			33
 
+struct _SEC_PKG_CONTEXT_ACCESS_TOKEN
+{
+	void* AccessToken;
+};
+typedef struct _SEC_PKG_CONTEXT_ACCESS_TOKEN SEC_PKG_CONTEXT_ACCESS_TOKEN;
+
+struct _SEC_PKG_CONTEXT_SESSION_APP_DATA
+{
+	uint32 dwFlags;
+	uint32 cbAppData;
+	uint8* pbAppData;
+};
+typedef struct _SEC_PKG_CONTEXT_SESSION_APP_DATA SEC_PKG_CONTEXT_SESSION_APP_DATA;
+
+struct _SEC_PKG_CONTEXT_AUTHORITY
+{
+	char* sAuthorityName;
+};
+typedef struct _SEC_PKG_CONTEXT_AUTHORITY SEC_PKG_CONTEXT_AUTHORITY;
+
+struct _SEC_PKG_CONTEXT_CLIENT_SPECIFIED_TARGET
+{
+	char* sTargetName;
+};
+typedef struct _SEC_PKG_CONTEXT_CLIENT_SPECIFIED_TARGET SEC_PKG_CONTEXT_CLIENT_SPECIFIED_TARGET;
+
+typedef uint32 ALG_ID;
+
+struct _SEC_PKG_CONTEXT_CONNECTION_INFO
+{
+	uint32 dwProtocol;
+	ALG_ID aiCipher;
+	uint32 dwCipherStrength;
+	ALG_ID aiHash;
+	uint32 dwHashStrength;
+	ALG_ID aiExch;
+	uint32 dwExchStrength;
+};
+typedef struct _SEC_PKG_CONTEXT_CONNECTION_INFO SEC_PKG_CONTEXT_CONNECTION_INFO;
+
+struct _SEC_PKG_CONTEXT_CLIENT_CREDS
+{
+	uint32 AuthBufferLen;
+	uint8* AuthBuffer;
+};
+typedef struct _SEC_PKG_CONTEXT_CLIENT_CREDS SEC_PKG_CONTEXT_CLIENT_CREDS;
+
+struct _SEC_PKG_CONTEXT_DCE_INFO
+{
+	uint32 AuthzSvc;
+	void* pPac;
+};
+typedef struct _SEC_PKG_CONTEXT_DCE_INFO SEC_PKG_CONTEXT_DCE_INFO;
+
+struct _SEC_CHANNEL_BINDINGS
+{
+	uint32 dwInitiatorAddrType;
+	uint32 cbInitiatorLength;
+	uint32 dwInitiatorOffset;
+	uint32 dwAcceptorAddrType;
+	uint32 cbAcceptorLength;
+	uint32 dwAcceptorOffset;
+	uint32 cbApplicationDataLength;
+	uint32 dwApplicationDataOffset;
+};
+typedef struct _SEC_CHANNEL_BINDINGS SEC_CHANNEL_BINDINGS;
+
+struct _SEC_PKG_CONTEXT_BINDINGS
+{
+	uint32 BindingsLength;
+	SEC_CHANNEL_BINDINGS* Bindings;
+};
+typedef struct _SEC_PKG_CONTEXT_BINDINGS SEC_PKG_CONTEXT_BINDINGS;
+
+struct _SEC_PKG_CONTEXT_EAP_KEY_BLOCK
+{
+	uint8 rgbKeys[128];
+	uint8 rgbIVs[64];
+};
+typedef struct _SEC_PKG_CONTEXT_EAP_KEY_BLOCK SEC_PKG_CONTEXT_EAP_KEY_BLOCK;
+
+struct _SEC_PKG_CONTEXT_FLAGS
+{
+	uint32 Flags;
+};
+typedef struct _SEC_PKG_CONTEXT_FLAGS SEC_PKG_CONTEXT_FLAGS;
+
+struct _SEC_PKG_CONTEXT_KEY_INFO
+{
+	char* sSignatureAlgorithmName;
+	char* sEncryptAlgorithmName;
+	uint32 KeySize;
+	uint32 SignatureAlgorithm;
+	uint32 EncryptAlgorithm;
+};
+typedef struct _SEC_PKG_CONTEXT_KEY_INFO SEC_PKG_CONTEXT_KEY_INFO;
+
+struct _SEC_PKG_CONTEXT_LIFESPAN
+{
+	SEC_TIMESTAMP tsStart;
+	SEC_TIMESTAMP tsExpiry;
+};
+typedef struct _SEC_PKG_CONTEXT_LIFESPAN SEC_PKG_CONTEXT_LIFESPAN;
+
+struct _SEC_PKG_CONTEXT_NAMES
+{
+	char* sUserName;
+};
+typedef struct _SEC_PKG_CONTEXT_NAMES SEC_PKG_CONTEXT_NAMES;
+
+struct _SEC_PKG_CONTEXT_NATIVE_NAMES
+{
+	char* sClientName;
+	char* sServerName;
+};
+typedef struct _SEC_PKG_CONTEXT_NATIVE_NAMES SEC_PKG_CONTEXT_NATIVE_NAMES;
+
+struct _SEC_PKG_CONTEXT_NEGOTIATION_INFO
+{
+	SEC_PKG_INFO* PackageInfo;
+	uint32 NegotiationState;
+};
+typedef struct _SEC_PKG_CONTEXT_NEGOTIATION_INFO SEC_PKG_CONTEXT_NEGOTIATION_INFO;
+
+struct _SEC_PKG_CONTEXT_PACKAGE_INFO
+{
+	SEC_PKG_INFO* PackageInfo;
+};
+typedef struct _SEC_PKG_CONTEXT_PACKAGE_INFO SEC_PKG_CONTEXT_PACKAGE_INFO;
+
+struct _SEC_PKG_CONTEXT_PASSWORD_EXPIRY
+{
+	SEC_TIMESTAMP tsPasswordExpires;
+};
+typedef struct _SEC_PKG_CONTEXT_PASSWORD_EXPIRY SEC_PKG_CONTEXT_PASSWORD_EXPIRY;
+
+struct _SEC_PKG_CONTEXT_SESSION_KEY
+{
+	uint32 SessionKeyLength;
+	uint8* SessionKey;
+};
+typedef struct _SEC_PKG_CONTEXT_SESSION_KEY SEC_PKG_CONTEXT_SESSION_KEY;
+
+struct _SEC_PKG_CONTEXT_SESSION_INFO
+{
+	uint32 dwFlags;
+	uint32 cbSessionId;
+	uint8 rgbSessionId[32];
+};
+typedef struct _SEC_PKG_CONTEXT_SESSION_INFO SEC_PKG_CONTEXT_SESSION_INFO;
+
+struct _SEC_PKG_CONTEXT_SIZES
+{
+	uint32 cbMaxToken;
+	uint32 cbMaxSignature;
+	uint32 cbBlockSize;
+	uint32 cbSecurityTrailer;
+};
+typedef struct _SEC_PKG_CONTEXT_SIZES SEC_PKG_CONTEXT_SIZES;
+
+struct _SEC_PKG_CONTEXT_STREAM_SIZES
+{
+	uint32 cbHeader;
+	uint32 cbTrailer;
+	uint32 cbMaximumMessage;
+	uint32 cBuffers;
+	uint32 cbBlockSize;
+};
+typedef struct _SEC_PKG_CONTEXT_STREAM_SIZES SEC_PKG_CONTEXT_STREAM_SIZES;
+
+struct _SEC_PKG_CONTEXT_SUBJECT_ATTRIBUTES
+{
+	void *AttributeInfo;
+};
+typedef struct _SEC_PKG_CONTEXT_SUBJECT_ATTRIBUTES SEC_PKG_CONTEXT_SUBJECT_ATTRIBUTES;
+
+struct _SEC_PKG_CONTEXT_SUPPORTED_SIGNATURES
+{
+	uint16 cSignatureAndHashAlgorithms;
+	uint16* pSignatureAndHashAlgorithms;
+};
+typedef struct _SEC_PKG_CONTEXT_SUPPORTED_SIGNATURES SEC_PKG_CONTEXT_SUPPORTED_SIGNATURES;
+
+struct _SEC_PKG_CONTEXT_TARGET_INFORMATION
+{
+	uint32 MarshalledTargetInfoLength;
+	uint8* MarshalledTargetInfo;
+};
+typedef struct _SEC_PKG_CONTEXT_TARGET_INFORMATION SEC_PKG_CONTEXT_TARGET_INFORMATION;
+
 /* Security Credentials Attributes */
 
 #define SECPKG_CRED_ATTR_NAMES				1
@@ -293,17 +503,6 @@ typedef struct _SEC_PKG_CREDENTIALS_NAMES SEC_PKG_CREDENTIALS_NAMES;
 #define ASC_RET_NO_PROXY_BINDINGS		0x04000000
 #define ASC_RET_MISSING_BINDINGS		0x10000000
 
-struct _SEC_PKG_INFO
-{
-	uint32 fCapabilities;
-	uint16 wVersion;
-	uint16 wRPCID;
-	uint32 cbMaxToken;
-	char* Name;
-	char* Comment;
-};
-typedef struct _SEC_PKG_INFO SEC_PKG_INFO;
-
 #define SEC_AUTH_IDENTITY_ANSI			0x1
 #define SEC_AUTH_IDENTITY_UNICODE		0x2
 
@@ -329,15 +528,6 @@ typedef struct _SEC_HANDLE SEC_HANDLE;
 typedef SEC_HANDLE CRED_HANDLE;
 typedef SEC_HANDLE CTXT_HANDLE;
 
-struct _SEC_INTEGER
-{
-	uint32 LowPart;
-	sint32 HighPart;
-};
-typedef struct _SEC_INTEGER SEC_INTEGER;
-
-typedef SEC_INTEGER SEC_TIMESTAMP;
-
 #define SECBUFFER_VERSION			0
 
 /* Buffer Types */

libfreerdp-auth/NTLM/ntlm.c

@@ -313,15 +313,27 @@ SECURITY_STATUS ntlm_EncryptMessage(CTXT_HANDLE* phContext, uint32 fQOP, SEC_BUF
 	data = xmalloc(length);
 	memcpy(data, data_buffer->pvBuffer, length);
 
-	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */
+	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
 	HMAC_CTX_init(&hmac);
 	HMAC_Init_ex(&hmac, context->ClientSigningKey, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac, (void*) &context->send_seq_num, 4);
+	HMAC_Update(&hmac, (void*) &(MessageSeqNo), 4);
 	HMAC_Update(&hmac, data, length);
 	HMAC_Final(&hmac, digest, NULL);
+	HMAC_CTX_cleanup(&hmac);
 
 	/* Encrypt message using with RC4, result overwrites original buffer */
 	crypto_rc4(context->send_rc4_seal, length, data, data_buffer->pvBuffer);
+	xfree(data);
+
+#ifdef WITH_DEBUG_NTLM
+	printf("Data Buffer (length = %d)\n", length);
+	freerdp_hexdump(data, length);
+	printf("\n");
+
+	printf("Encrypted Data Buffer (length = %d)\n", data_buffer->cbBuffer);
+	freerdp_hexdump(data_buffer->pvBuffer, data_buffer->cbBuffer);
+	printf("\n");
+#endif
 
 	/* RC4-encrypt first 8 bytes of digest */
 	crypto_rc4(context->send_rc4_seal, 8, digest, checksum);
@@ -332,26 +344,14 @@ SECURITY_STATUS ntlm_EncryptMessage(CTXT_HANDLE* phContext, uint32 fQOP, SEC_BUF
 	memcpy(signature, (void*) &version, 4);
 	memcpy(&signature[4], (void*) checksum, 8);
 	memcpy(&signature[12], (void*) &(MessageSeqNo), 4);
+	context->send_seq_num++;
 
 #ifdef WITH_DEBUG_NTLM
-	printf("Data Buffer (length = %d)\n", length);
-	freerdp_hexdump(data, length);
-	printf("\n");
-
-	printf("Encrypted Data Buffer (length = %d)\n", data_buffer->cbBuffer);
-	freerdp_hexdump(data_buffer->pvBuffer, data_buffer->cbBuffer);
-	printf("\n");
-
 	printf("Signature (length = %d)\n", signature_buffer->cbBuffer);
 	freerdp_hexdump(signature_buffer->pvBuffer, signature_buffer->cbBuffer);
 	printf("\n");
 #endif
 
-	HMAC_CTX_cleanup(&hmac);
-	xfree(data);
-
-	context->send_seq_num++;
-
 	return SEC_E_OK;
 }
 
@@ -393,12 +393,14 @@ SECURITY_STATUS ntlm_DecryptMessage(CTXT_HANDLE* phContext, SEC_BUFFER_DESC* pMe
 	/* Decrypt message using with RC4 */
 	crypto_rc4(context->recv_rc4_seal, length, data, data_buffer->pvBuffer);
 
-	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */
+	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
 	HMAC_CTX_init(&hmac);
 	HMAC_Init_ex(&hmac, context->ServerSigningKey, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac, (void*) &context->recv_seq_num, 4);
+	HMAC_Update(&hmac, (void*) &(MessageSeqNo), 4);
 	HMAC_Update(&hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
 	HMAC_Final(&hmac, digest, NULL);
+	HMAC_CTX_cleanup(&hmac);
+	xfree(data);
 
 	/* RC4-encrypt first 8 bytes of digest */
 	crypto_rc4(context->recv_rc4_seal, 8, digest, checksum);
@@ -406,7 +408,8 @@ SECURITY_STATUS ntlm_DecryptMessage(CTXT_HANDLE* phContext, SEC_BUFFER_DESC* pMe
 	/* Concatenate version, ciphertext and sequence number to build signature */
 	memcpy(expected_signature, (void*) &version, 4);
 	memcpy(&expected_signature[4], (void*) checksum, 8);
-	memcpy(&expected_signature[12], (void*) &(context->recv_seq_num), 4);
+	memcpy(&expected_signature[12], (void*) &(MessageSeqNo), 4);
+	context->recv_seq_num++;
 
 	if (memcmp(signature_buffer->pvBuffer, expected_signature, 16) != 0)
 	{
@@ -415,11 +418,16 @@ SECURITY_STATUS ntlm_DecryptMessage(CTXT_HANDLE* phContext, SEC_BUFFER_DESC* pMe
 		return SEC_E_MESSAGE_ALTERED;
 	}
 
-	HMAC_CTX_cleanup(&hmac);
-	xfree(data);
+	return SEC_E_OK;
+}
 
-	context->recv_seq_num++;
+SECURITY_STATUS ntlm_MakeSignature(CTXT_HANDLE* phContext, uint32 fQOP, SEC_BUFFER_DESC* pMessage, uint32 MessageSeqNo)
+{
+	return SEC_E_OK;
+}
 
+SECURITY_STATUS ntlm_VerifySignature(CTXT_HANDLE* phContext, SEC_BUFFER_DESC* pMessage, uint32 MessageSeqNo, uint32* pfQOP)
+{
 	return SEC_E_OK;
 }
 
@@ -450,8 +458,8 @@ const SECURITY_FUNCTION_TABLE NTLM_SECURITY_FUNCTION_TABLE =
 	ntlm_QueryContextAttributes, /* QueryContextAttributes */
 	NULL, /* ImpersonateSecurityContext */
 	NULL, /* RevertSecurityContext */
-	NULL, /* MakeSignature */
-	NULL, /* VerifySignature */
+	ntlm_MakeSignature, /* MakeSignature */
+	ntlm_VerifySignature, /* VerifySignature */
 	NULL, /* FreeContextBuffer */
 	NULL, /* QuerySecurityPackageInfo */
 	NULL, /* Reserved3 */

libfreerdp-auth/sspi.c

@@ -413,7 +413,7 @@ SECURITY_STATUS AcquireCredentialsHandle(char* pszPrincipal, char* pszPackage,
 	if (!table)
 		return SEC_E_SECPKG_NOT_FOUND;
 
-	if (!(table->AcquireCredentialsHandle))
+	if (table->AcquireCredentialsHandle == NULL)
 		return SEC_E_UNSUPPORTED_FUNCTION;
 
 	status = table->AcquireCredentialsHandle(pszPrincipal, pszPackage, fCredentialUse,
@@ -443,7 +443,7 @@ SECURITY_STATUS FreeCredentialsHandle(CRED_HANDLE* phCredential)
 	if (!table)
 		return SEC_E_SECPKG_NOT_FOUND;
 
-	if (!(table->FreeCredentialsHandle))
+	if (table->FreeCredentialsHandle == NULL)
 		return SEC_E_UNSUPPORTED_FUNCTION;
 
 	status = table->FreeCredentialsHandle(phCredential);
@@ -472,6 +472,9 @@ SECURITY_STATUS QueryCredentialsAttributes(CRED_HANDLE* phCredential, uint32 ulA
 	if (!table)
 		return SEC_E_SECPKG_NOT_FOUND;
 
+	if (table->QueryCredentialsAttributes == NULL)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
 	status = table->QueryCredentialsAttributes(phCredential, ulAttribute, pBuffer);
 
 	return status;
@@ -535,6 +538,9 @@ SECURITY_STATUS InitializeSecurityContext(CRED_HANDLE* phCredential, CTXT_HANDLE
 	if (!table)
 		return SEC_E_SECPKG_NOT_FOUND;
 
+	if (table->InitializeSecurityContext == NULL)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
 	status = table->InitializeSecurityContext(phCredential, phContext,
 			pszTargetName, fContextReq, Reserved1, TargetDataRep,
 			pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
@@ -544,7 +550,26 @@ SECURITY_STATUS InitializeSecurityContext(CRED_HANDLE* phCredential, CTXT_HANDLE
 
 SECURITY_STATUS QueryContextAttributes(CTXT_HANDLE* phContext, uint32 ulAttribute, void* pBuffer)
 {
-	return SEC_E_OK;
+	char* Name;
+	SECURITY_STATUS status;
+	SECURITY_FUNCTION_TABLE* table;
+
+	Name = (char*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableByName(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (table->QueryContextAttributes == NULL)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->QueryContextAttributes(phContext, ulAttribute, pBuffer);
+
+	return status;
 }
 
 SECURITY_STATUS QuerySecurityContextToken(CTXT_HANDLE* phContext, void* phToken)
@@ -580,6 +605,9 @@ SECURITY_STATUS DecryptMessage(CTXT_HANDLE* phContext, SEC_BUFFER_DESC* pMessage
 	if (!table)
 		return SEC_E_SECPKG_NOT_FOUND;
 
+	if (table->DecryptMessage == NULL)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
 	status = table->DecryptMessage(phContext, pMessage, MessageSeqNo, pfQOP);
 
 	return status;
@@ -601,6 +629,9 @@ SECURITY_STATUS EncryptMessage(CTXT_HANDLE* phContext, uint32 fQOP, SEC_BUFFER_D
 	if (!table)
 		return SEC_E_SECPKG_NOT_FOUND;
 
+	if (table->EncryptMessage == NULL)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
 	status = table->EncryptMessage(phContext, fQOP, pMessage, MessageSeqNo);
 
 	return status;
@@ -608,12 +639,50 @@ SECURITY_STATUS EncryptMessage(CTXT_HANDLE* phContext, uint32 fQOP, SEC_BUFFER_D
 
 SECURITY_STATUS MakeSignature(CTXT_HANDLE* phContext, uint32 fQOP, SEC_BUFFER_DESC* pMessage, uint32 MessageSeqNo)
 {
-	return SEC_E_OK;
+	char* Name;
+	SECURITY_STATUS status;
+	SECURITY_FUNCTION_TABLE* table;
+
+	Name = (char*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableByName(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (table->MakeSignature == NULL)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->MakeSignature(phContext, fQOP, pMessage, MessageSeqNo);
+
+	return status;
 }
 
 SECURITY_STATUS VerifySignature(CTXT_HANDLE* phContext, SEC_BUFFER_DESC* pMessage, uint32 MessageSeqNo, uint32* pfQOP)
 {
-	return SEC_E_OK;
+	char* Name;
+	SECURITY_STATUS status;
+	SECURITY_FUNCTION_TABLE* table;
+
+	Name = (char*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableByName(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (table->VerifySignature == NULL)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
+
+	return status;
 }
 
 const SECURITY_FUNCTION_TABLE SSPI_SECURITY_FUNCTION_TABLE =