mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

More SSPI logging.

Browse Source
This commit is contained in:
Armin Novak 2015-07-07 17:17:29 +02:00
parent 5b0ee9b7ab
commit 48ccf73a36
4 changed files with 360 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
libfreerdp/core/gateway/ntlm.c
View File

@ -54,19 +54,21 @@ BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char*
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "QuerySecurityPackageInfo status: 0x%08X", status);
WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [%08X]",
GetSecurityStatusString(status), status);
return FALSE;
}
ntlm->cbMaxToken = ntlm->pPackageInfo->cbMaxToken;
status = ntlm->table->AcquireCredentialsHandle(NULL, NTLMSP_NAME,
SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL,
&ntlm->credentials, &ntlm->expiration);
SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL,
&ntlm->credentials, &ntlm->expiration);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "AcquireCredentialsHandle status: 0x%08X", status);
WLog_ERR(TAG, "AcquireCredentialsHandle status %s [%08X]",
GetSecurityStatusString(status), status);
return FALSE;
}
@ -86,11 +88,11 @@ BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char*
else
{
/**
* flags for RPC authentication:
* RPC_C_AUTHN_LEVEL_PKT_INTEGRITY:
* ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH |
* ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT
*/
* flags for RPC authentication:
* RPC_C_AUTHN_LEVEL_PKT_INTEGRITY:
* ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH |
* ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT
*/
ntlm->fContextReq |= ISC_REQ_USE_DCE_STYLE;
ntlm->fContextReq |= ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH;
@ -223,21 +225,33 @@ BOOL ntlm_authenticate(rdpNtlm* ntlm)
}
status = ntlm->table->InitializeSecurityContext(&ntlm->credentials,
(ntlm->haveContext) ? &ntlm->context : NULL,
(ntlm->ServicePrincipalName) ? ntlm->ServicePrincipalName : NULL,
ntlm->fContextReq, 0, SECURITY_NATIVE_DREP,
(ntlm->haveInputBuffer) ? &ntlm->inputBufferDesc : NULL,
0, &ntlm->context, &ntlm->outputBufferDesc,
&ntlm->pfContextAttr, &ntlm->expiration);
(ntlm->haveContext) ? &ntlm->context : NULL,
(ntlm->ServicePrincipalName) ? ntlm->ServicePrincipalName : NULL,
ntlm->fContextReq, 0, SECURITY_NATIVE_DREP,
(ntlm->haveInputBuffer) ? &ntlm->inputBufferDesc : NULL,
0, &ntlm->context, &ntlm->outputBufferDesc,
&ntlm->pfContextAttr, &ntlm->expiration);
WLog_VRB(TAG, "InitializeSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) || (status == SEC_E_OK))
{
if (ntlm->table->CompleteAuthToken)
ntlm->table->CompleteAuthToken(&ntlm->context, &ntlm->outputBufferDesc);
if (ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes) != SEC_E_OK)
{
WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure");
SECURITY_STATUS cStatus;
cStatus = ntlm->table->CompleteAuthToken(&ntlm->context, &ntlm->outputBufferDesc);
if (cStatus != SEC_E_OK)
{
WLog_WARN(TAG, "CompleteAuthToken status %s [%08X]",
GetSecurityStatusString(cStatus), cStatus);
}
}
status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure %s [%08X]",
GetSecurityStatusString(status), status);
return FALSE;
}
@ -275,9 +289,26 @@ void ntlm_client_uninit(rdpNtlm* ntlm)
if (ntlm->table)
{
ntlm->table->FreeCredentialsHandle(&ntlm->credentials);
ntlm->table->FreeContextBuffer(ntlm->pPackageInfo);
ntlm->table->DeleteSecurityContext(&ntlm->context);
SECURITY_STATUS status;
status = ntlm->table->FreeCredentialsHandle(&ntlm->credentials);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "FreeCredentialsHandle status %s [%08X]",
GetSecurityStatusString(status), status);
}
status = ntlm->table->FreeContextBuffer(ntlm->pPackageInfo);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "FreeContextBuffer status %s [%08X]",
GetSecurityStatusString(status), status);
}
status = ntlm->table->DeleteSecurityContext(&ntlm->context);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "DeleteSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
}
ntlm->table = NULL;
}
}

192
libfreerdp/core/gateway/rpc_client.c
View File

@ -132,37 +132,37 @@ int rpc_client_transition_to_state(rdpRpc* rpc, RPC_CLIENT_STATE state)
switch (state)
{
case RPC_CLIENT_STATE_INITIAL:
str = "RPC_CLIENT_STATE_INITIAL";
break;
case RPC_CLIENT_STATE_INITIAL:
str = "RPC_CLIENT_STATE_INITIAL";
break;
case RPC_CLIENT_STATE_ESTABLISHED:
str = "RPC_CLIENT_STATE_ESTABLISHED";
break;
case RPC_CLIENT_STATE_ESTABLISHED:
str = "RPC_CLIENT_STATE_ESTABLISHED";
break;
case RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK:
str = "RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK";
break;
case RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK:
str = "RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK";
break;
case RPC_CLIENT_STATE_WAIT_UNSECURE_BIND_ACK:
str = "RPC_CLIENT_STATE_WAIT_UNSECURE_BIND_ACK";
break;
case RPC_CLIENT_STATE_WAIT_UNSECURE_BIND_ACK:
str = "RPC_CLIENT_STATE_WAIT_UNSECURE_BIND_ACK";
break;
case RPC_CLIENT_STATE_WAIT_SECURE_ALTER_CONTEXT_RESPONSE:
str = "RPC_CLIENT_STATE_WAIT_SECURE_ALTER_CONTEXT_RESPONSE";
break;
case RPC_CLIENT_STATE_WAIT_SECURE_ALTER_CONTEXT_RESPONSE:
str = "RPC_CLIENT_STATE_WAIT_SECURE_ALTER_CONTEXT_RESPONSE";
break;
case RPC_CLIENT_STATE_CONTEXT_NEGOTIATED:
str = "RPC_CLIENT_STATE_CONTEXT_NEGOTIATED";
break;
case RPC_CLIENT_STATE_CONTEXT_NEGOTIATED:
str = "RPC_CLIENT_STATE_CONTEXT_NEGOTIATED";
break;
case RPC_CLIENT_STATE_WAIT_RESPONSE:
str = "RPC_CLIENT_STATE_WAIT_RESPONSE";
break;
case RPC_CLIENT_STATE_WAIT_RESPONSE:
str = "RPC_CLIENT_STATE_WAIT_RESPONSE";
break;
case RPC_CLIENT_STATE_FINAL:
str = "RPC_CLIENT_STATE_FINAL";
break;
case RPC_CLIENT_STATE_FINAL:
str = "RPC_CLIENT_STATE_FINAL";
break;
}
rpc->State = state;
@ -181,77 +181,77 @@ int rpc_client_recv_pdu(rdpRpc* rpc, RPC_PDU* pdu)
{
switch (rpc->VirtualConnection->State)
{
case VIRTUAL_CONNECTION_STATE_INITIAL:
break;
case VIRTUAL_CONNECTION_STATE_INITIAL:
break;
case VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT:
break;
case VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT:
break;
case VIRTUAL_CONNECTION_STATE_WAIT_A3W:
case VIRTUAL_CONNECTION_STATE_WAIT_A3W:
rts = (rpcconn_rts_hdr_t*) Stream_Buffer(pdu->s);
rts = (rpcconn_rts_hdr_t*) Stream_Buffer(pdu->s);
if (!rts_match_pdu_signature(rpc, &RTS_PDU_CONN_A3_SIGNATURE, rts))
{
WLog_ERR(TAG, "unexpected RTS PDU: Expected CONN/A3");
return -1;
}
if (!rts_match_pdu_signature(rpc, &RTS_PDU_CONN_A3_SIGNATURE, rts))
{
WLog_ERR(TAG, "unexpected RTS PDU: Expected CONN/A3");
return -1;
}
status = rts_recv_CONN_A3_pdu(rpc, Stream_Buffer(pdu->s), Stream_Length(pdu->s));
status = rts_recv_CONN_A3_pdu(rpc, Stream_Buffer(pdu->s), Stream_Length(pdu->s));
if (status < 0)
{
WLog_ERR(TAG, "rts_recv_CONN_A3_pdu failure");
return -1;
}
if (status < 0)
{
WLog_ERR(TAG, "rts_recv_CONN_A3_pdu failure");
return -1;
}
rpc_virtual_connection_transition_to_state(rpc,
rpc->VirtualConnection, VIRTUAL_CONNECTION_STATE_WAIT_C2);
rpc_virtual_connection_transition_to_state(rpc,
rpc->VirtualConnection, VIRTUAL_CONNECTION_STATE_WAIT_C2);
status = 1;
status = 1;
break;
break;
case VIRTUAL_CONNECTION_STATE_WAIT_C2:
case VIRTUAL_CONNECTION_STATE_WAIT_C2:
rts = (rpcconn_rts_hdr_t*) Stream_Buffer(pdu->s);
rts = (rpcconn_rts_hdr_t*) Stream_Buffer(pdu->s);
if (!rts_match_pdu_signature(rpc, &RTS_PDU_CONN_C2_SIGNATURE, rts))
{
WLog_ERR(TAG, "unexpected RTS PDU: Expected CONN/C2");
return -1;
}
if (!rts_match_pdu_signature(rpc, &RTS_PDU_CONN_C2_SIGNATURE, rts))
{
WLog_ERR(TAG, "unexpected RTS PDU: Expected CONN/C2");
return -1;
}
status = rts_recv_CONN_C2_pdu(rpc, Stream_Buffer(pdu->s), Stream_Length(pdu->s));
status = rts_recv_CONN_C2_pdu(rpc, Stream_Buffer(pdu->s), Stream_Length(pdu->s));
if (status < 0)
{
WLog_ERR(TAG, "rts_recv_CONN_C2_pdu failure");
return -1;
}
if (status < 0)
{
WLog_ERR(TAG, "rts_recv_CONN_C2_pdu failure");
return -1;
}
rpc_virtual_connection_transition_to_state(rpc,
rpc->VirtualConnection, VIRTUAL_CONNECTION_STATE_OPENED);
rpc_virtual_connection_transition_to_state(rpc,
rpc->VirtualConnection, VIRTUAL_CONNECTION_STATE_OPENED);
rpc_client_transition_to_state(rpc, RPC_CLIENT_STATE_ESTABLISHED);
rpc_client_transition_to_state(rpc, RPC_CLIENT_STATE_ESTABLISHED);
if (rpc_send_bind_pdu(rpc) < 0)
{
WLog_ERR(TAG, "rpc_send_bind_pdu failure");
return -1;
}
if (rpc_send_bind_pdu(rpc) < 0)
{
WLog_ERR(TAG, "rpc_send_bind_pdu failure");
return -1;
}
rpc_client_transition_to_state(rpc, RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK);
rpc_client_transition_to_state(rpc, RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK);
status = 1;
status = 1;
break;
break;
case VIRTUAL_CONNECTION_STATE_OPENED:
break;
case VIRTUAL_CONNECTION_STATE_OPENED:
break;
case VIRTUAL_CONNECTION_STATE_FINAL:
break;
case VIRTUAL_CONNECTION_STATE_FINAL:
break;
}
}
else if (rpc->State < RPC_CLIENT_STATE_CONTEXT_NEGOTIATED)
@ -361,7 +361,7 @@ int rpc_client_recv_fragment(rdpRpc* rpc, wStream* fragment)
if (rpc->StubCallId != header->common.call_id)
{
WLog_ERR(TAG, "invalid call_id: actual: %d, expected: %d, frag_count: %d",
rpc->StubCallId, header->common.call_id, rpc->StubFragCount);
rpc->StubCallId, header->common.call_id, rpc->StubFragCount);
}
call = rpc_client_call_find_by_id(rpc, rpc->StubCallId);
@ -503,7 +503,7 @@ int rpc_client_default_out_channel_recv(rdpRpc* rpc)
rpc_ncacn_http_ntlm_uninit(rpc, (RpcChannel*)outChannel);
rpc_out_channel_transition_to_state(outChannel,
CLIENT_OUT_CHANNEL_STATE_NEGOTIATED);
CLIENT_OUT_CHANNEL_STATE_NEGOTIATED);
/* Send CONN/A1 PDU over OUT channel */
@ -514,12 +514,12 @@ int rpc_client_default_out_channel_recv(rdpRpc* rpc)
}
rpc_out_channel_transition_to_state(outChannel,
CLIENT_OUT_CHANNEL_STATE_OPENED);
CLIENT_OUT_CHANNEL_STATE_OPENED);
if (inChannel->State == CLIENT_IN_CHANNEL_STATE_OPENED)
{
rpc_virtual_connection_transition_to_state(rpc,
connection, VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT);
connection, VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT);
}
status = 1;
@ -559,7 +559,7 @@ int rpc_client_default_out_channel_recv(rdpRpc* rpc)
http_response_free(response);
rpc_virtual_connection_transition_to_state(rpc,
rpc->VirtualConnection, VIRTUAL_CONNECTION_STATE_WAIT_A3W);
rpc->VirtualConnection, VIRTUAL_CONNECTION_STATE_WAIT_A3W);
status = 1;
}
@ -575,7 +575,7 @@ int rpc_client_default_out_channel_recv(rdpRpc* rpc)
while (Stream_GetPosition(fragment) < RPC_COMMON_FIELDS_LENGTH)
{
status = rpc_out_channel_read(outChannel, Stream_Pointer(fragment),
RPC_COMMON_FIELDS_LENGTH - Stream_GetPosition(fragment));
RPC_COMMON_FIELDS_LENGTH - Stream_GetPosition(fragment));
if (status < 0)
return -1;
@ -594,7 +594,7 @@ int rpc_client_default_out_channel_recv(rdpRpc* rpc)
if (header->frag_length > rpc->max_recv_frag)
{
WLog_ERR(TAG, "rpc_client_recv: invalid fragment size: %d (max: %d)",
header->frag_length, rpc->max_recv_frag);
header->frag_length, rpc->max_recv_frag);
winpr_HexDump(TAG, WLOG_ERROR, Stream_Buffer(fragment), Stream_GetPosition(fragment));
return -1;
}
@ -602,7 +602,7 @@ int rpc_client_default_out_channel_recv(rdpRpc* rpc)
while (Stream_GetPosition(fragment) < header->frag_length)
{
status = rpc_out_channel_read(outChannel, Stream_Pointer(fragment),
header->frag_length - Stream_GetPosition(fragment));
header->frag_length - Stream_GetPosition(fragment));
if (status < 0)
{
@ -778,7 +778,7 @@ int rpc_client_in_channel_recv(rdpRpc* rpc)
rpc_ncacn_http_ntlm_uninit(rpc, (RpcChannel*) inChannel);
rpc_in_channel_transition_to_state(inChannel,
CLIENT_IN_CHANNEL_STATE_NEGOTIATED);
CLIENT_IN_CHANNEL_STATE_NEGOTIATED);
/* Send CONN/B1 PDU over IN channel */
@ -789,12 +789,12 @@ int rpc_client_in_channel_recv(rdpRpc* rpc)
}
rpc_in_channel_transition_to_state(inChannel,
CLIENT_IN_CHANNEL_STATE_OPENED);
CLIENT_IN_CHANNEL_STATE_OPENED);
if (outChannel->State == CLIENT_OUT_CHANNEL_STATE_OPENED)
{
rpc_virtual_connection_transition_to_state(rpc,
connection, VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT);
connection, VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT);
}
status = 1;
@ -829,7 +829,7 @@ RpcClientCall* rpc_client_call_find_by_id(rdpRpc* rpc, UINT32 CallId)
RpcClientCall* clientCall = NULL;
ArrayList_Lock(rpc->client->ClientCallList);
count = ArrayList_Count(rpc->client->ClientCallList);
for (index = 0; index < count; index++)
@ -857,7 +857,7 @@ RpcClientCall* rpc_client_call_new(UINT32 CallId, UINT32 OpNum)
clientCall->CallId = CallId;
clientCall->OpNum = OpNum;
clientCall->State = RPC_CLIENT_CALL_STATE_SEND_PDUS;
return clientCall;
}
@ -883,11 +883,11 @@ int rpc_in_channel_send_pdu(RpcInChannel* inChannel, BYTE* buffer, UINT32 length
clientCall->State = RPC_CLIENT_CALL_STATE_DISPATCHED;
/*
* This protocol specifies that only RPC PDUs are subject to the flow control abstract
* data model. RTS PDUs and the HTTP request and response headers are not subject to flow control.
* Implementations of this protocol MUST NOT include them when computing any of the variables
* specified by this abstract data model.
*/
* This protocol specifies that only RPC PDUs are subject to the flow control abstract
* data model. RTS PDUs and the HTTP request and response headers are not subject to flow control.
* Implementations of this protocol MUST NOT include them when computing any of the variables
* specified by this abstract data model.
*/
if (header->ptype == PTYPE_REQUEST)
{
@ -900,6 +900,7 @@ int rpc_in_channel_send_pdu(RpcInChannel* inChannel, BYTE* buffer, UINT32 length
int rpc_client_write_call(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum)
{
SECURITY_STATUS status;
UINT32 offset;
BYTE* buffer = NULL;
UINT32 stub_data_pad;
@ -918,9 +919,11 @@ int rpc_client_write_call(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum)
return -1;
}
if (ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes) != SEC_E_OK)
status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure");
WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure %s [%08X]",
GetSecurityStatusString(status), status);
return -1;
}
@ -994,7 +997,8 @@ int rpc_client_write_call(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum)
if (encrypt_status != SEC_E_OK)
{
WLog_ERR(TAG, "EncryptMessage status: 0x%08X", encrypt_status);
WLog_ERR(TAG, "EncryptMessage status %s [%08X]",
GetSecurityStatusString(encrypt_status), encrypt_status);
goto out_free_pdu;
}

55
winpr/libwinpr/sspi/Negotiate/negotiate.c
View File

@ -3,7 +3,7 @@
* Negotiate Security Package
*
* Copyright 2011-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@ -27,6 +27,8 @@
#include "negotiate.h"
#include "../sspi.h"
#include "../log.h"
#define TAG WINPR_TAG("negociate")
extern const SecurityFunctionTableA NTLM_SecurityFunctionTableA;
extern const SecurityFunctionTableW NTLM_SecurityFunctionTableW;
@ -59,9 +61,9 @@ void negotiate_ContextFree(NEGOTIATE_CONTEXT* context)
}
SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(PCredHandle phCredential, PCtxtHandle phContext,
SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
{
SECURITY_STATUS status;
NEGOTIATE_CONTEXT* context;
@ -80,16 +82,16 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(PCredHandle phCre
}
status = context->sspiW->InitializeSecurityContextW(phCredential, &(context->SubContext),
pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput, Reserved2, &(context->SubContext),
pOutput, pfContextAttr, ptsExpiry);
pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput, Reserved2, &(context->SubContext),
pOutput, pfContextAttr, ptsExpiry);
return status;
}
SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext,
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
{
SECURITY_STATUS status;
NEGOTIATE_CONTEXT* context;
@ -108,15 +110,15 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCre
}
status = context->sspiA->InitializeSecurityContextA(phCredential, &(context->SubContext),
pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput, Reserved2, &(context->SubContext),
pOutput, pfContextAttr, ptsExpiry);
pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput, Reserved2, &(context->SubContext),
pOutput, pfContextAttr, ptsExpiry);
return status;
}
SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext,
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
{
SECURITY_STATUS status;
NEGOTIATE_CONTEXT* context;
@ -135,10 +137,15 @@ SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(PCredHandle phCredenti
}
status = context->sspiA->AcceptSecurityContext(phCredential, &(context->SubContext),
pInput, fContextReq, TargetDataRep, &(context->SubContext),
pOutput, pfContextAttr, ptsTimeStamp);
pInput, fContextReq, TargetDataRep, &(context->SubContext),
pOutput, pfContextAttr, ptsTimeStamp);
return status;
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "AcceptSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
SECURITY_STATUS SEC_ENTRY negotiate_CompleteAuthToken(PCtxtHandle phContext, PSecBufferDesc pToken)
@ -284,15 +291,15 @@ SECURITY_STATUS SEC_ENTRY negotiate_SetContextAttributesA(PCtxtHandle phContext,
}
SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleW(SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
{
SSPI_CREDENTIALS* credentials;
SEC_WINNT_AUTH_IDENTITY* identity;
if ((fCredentialUse != SECPKG_CRED_OUTBOUND) &&
(fCredentialUse != SECPKG_CRED_INBOUND) &&
(fCredentialUse != SECPKG_CRED_BOTH))
(fCredentialUse != SECPKG_CRED_INBOUND) &&
(fCredentialUse != SECPKG_CRED_BOTH))
{
return SEC_E_INVALID_PARAMETER;
}
@ -318,15 +325,15 @@ SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleW(SEC_WCHAR* pszPrin
}
SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
{
SSPI_CREDENTIALS* credentials;
SEC_WINNT_AUTH_IDENTITY* identity;
if ((fCredentialUse != SECPKG_CRED_OUTBOUND) &&
(fCredentialUse != SECPKG_CRED_INBOUND) &&
(fCredentialUse != SECPKG_CRED_BOTH))
(fCredentialUse != SECPKG_CRED_INBOUND) &&
(fCredentialUse != SECPKG_CRED_BOTH))
{
return SEC_E_INVALID_PARAMETER;
}

205
winpr/libwinpr/sspi/sspi_winpr.c
View File

@ -37,6 +37,9 @@
#include "sspi_winpr.h"
#include "../log.h"
#define TAG WINPR_TAG("sspi")
/* Authentication Functions: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731/ */
extern const SecPkgInfoA NTLM_SecPkgInfoA;
@ -194,7 +197,7 @@ void* sspi_ContextBufferAlloc(UINT32 allocatorIndex, size_t size)
if (!ContextBufferAllocTable.entries[index].contextBuffer)
{
contextBuffer = calloc(1, size);
if (!contextBuffer)
return NULL;
@ -399,7 +402,7 @@ int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, SEC_WINNT_AUTH_IDEN
if (srcIdentity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
{
status = sspi_SetAuthIdentity(identity, (char*) srcIdentity->User,
(char*) srcIdentity->Domain, (char*) srcIdentity->Password);
(char*) srcIdentity->Domain, (char*) srcIdentity->Password);
if (status <= 0)
return -1;
@ -580,13 +583,13 @@ void sspi_ContextBufferFree(void* contextBuffer)
switch (allocatorIndex)
{
case EnumerateSecurityPackagesIndex:
FreeContextBuffer_EnumerateSecurityPackages(contextBuffer);
break;
case EnumerateSecurityPackagesIndex:
FreeContextBuffer_EnumerateSecurityPackages(contextBuffer);
break;
case QuerySecurityPackageInfoIndex:
FreeContextBuffer_QuerySecurityPackageInfo(contextBuffer);
break;
case QuerySecurityPackageInfoIndex:
FreeContextBuffer_QuerySecurityPackageInfo(contextBuffer);
break;
}
}
}
@ -786,8 +789,8 @@ void FreeContextBuffer_QuerySecurityPackageInfo(void* contextBuffer)
/* Credential Management */
SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleW(SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
{
SECURITY_STATUS status;
SecurityFunctionTableW* table = sspi_GetSecurityFunctionTableWByNameW(pszPackage);
@ -799,14 +802,19 @@ SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleW(SEC_WCHAR* pszPrincipa
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->AcquireCredentialsHandleW(pszPrincipal, pszPackage, fCredentialUse,
pvLogonID, pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential, ptsExpiry);
pvLogonID, pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential, ptsExpiry);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "AcquireCredentialsHandleW status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
{
SECURITY_STATUS status;
SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(pszPackage);
@ -818,7 +826,13 @@ SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->AcquireCredentialsHandleA(pszPrincipal, pszPackage, fCredentialUse,
pvLogonID, pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential, ptsExpiry);
pvLogonID, pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential, ptsExpiry);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "AcquireCredentialsHandleA status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -844,6 +858,12 @@ SECURITY_STATUS SEC_ENTRY winpr_ExportSecurityContext(PCtxtHandle phContext, ULO
status = table->ExportSecurityContext(phContext, fFlags, pPackedContext, pToken);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "ExportSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -868,6 +888,11 @@ SECURITY_STATUS SEC_ENTRY winpr_FreeCredentialsHandle(PCredHandle phCredential)
status = table->FreeCredentialsHandle(phCredential);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "FreeCredentialsHandle status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -892,6 +917,12 @@ SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextW(SEC_WCHAR* pszPackage, PS
status = table->ImportSecurityContextW(pszPackage, pPackedContext, pToken, phContext);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "ImportSecurityContextW status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -916,6 +947,12 @@ SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextA(SEC_CHAR* pszPackage, PSe
status = table->ImportSecurityContextA(pszPackage, pPackedContext, pToken, phContext);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "ImportSecurityContextA status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -940,6 +977,12 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesW(PCredHandle phCreden
status = table->QueryCredentialsAttributesW(phCredential, ulAttribute, pBuffer);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "QueryCredentialsAttributesW status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -964,14 +1007,20 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesA(PCredHandle phCreden
status = table->QueryCredentialsAttributesA(phCredential, ulAttribute, pBuffer);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "QueryCredentialsAttributesA status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
/* Context Management */
SECURITY_STATUS SEC_ENTRY winpr_AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext,
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
{
char* Name;
SECURITY_STATUS status;
@ -991,7 +1040,13 @@ SECURITY_STATUS SEC_ENTRY winpr_AcceptSecurityContext(PCredHandle phCredential,
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->AcceptSecurityContext(phCredential, phContext, pInput, fContextReq,
TargetDataRep, phNewContext, pOutput, pfContextAttr, ptsTimeStamp);
TargetDataRep, phNewContext, pOutput, pfContextAttr, ptsTimeStamp);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "AcceptSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1017,6 +1072,12 @@ SECURITY_STATUS SEC_ENTRY winpr_ApplyControlToken(PCtxtHandle phContext, PSecBuf
status = table->ApplyControlToken(phContext, pInput);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "ApplyControlToken status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1041,6 +1102,12 @@ SECURITY_STATUS SEC_ENTRY winpr_CompleteAuthToken(PCtxtHandle phContext, PSecBuf
status = table->CompleteAuthToken(phContext, pToken);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "CompleteAuthToken status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1065,6 +1132,12 @@ SECURITY_STATUS SEC_ENTRY winpr_DeleteSecurityContext(PCtxtHandle phContext)
status = table->DeleteSecurityContext(phContext);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "DeleteSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1099,13 +1172,19 @@ SECURITY_STATUS SEC_ENTRY winpr_ImpersonateSecurityContext(PCtxtHandle phContext
status = table->ImpersonateSecurityContext(phContext);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "ImpersonateSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextW(PCredHandle phCredential, PCtxtHandle phContext,
SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
{
SEC_CHAR* Name;
SECURITY_STATUS status;
@ -1125,16 +1204,22 @@ SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextW(PCredHandle phCredent
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->InitializeSecurityContextW(phCredential, phContext,
pszTargetName, fContextReq, Reserved1, TargetDataRep,
pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
pszTargetName, fContextReq, Reserved1, TargetDataRep,
pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "InitializeSecurityContextW status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext,
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
{
SEC_CHAR* Name;
SECURITY_STATUS status;
@ -1154,8 +1239,14 @@ SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextA(PCredHandle phCredent
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->InitializeSecurityContextA(phCredential, phContext,
pszTargetName, fContextReq, Reserved1, TargetDataRep,
pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
pszTargetName, fContextReq, Reserved1, TargetDataRep,
pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "InitializeSecurityContextA status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1181,6 +1272,12 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesW(PCtxtHandle phContext, U
status = table->QueryContextAttributesW(phContext, ulAttribute, pBuffer);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "QueryContextAttributesW status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1205,6 +1302,12 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesA(PCtxtHandle phContext, U
status = table->QueryContextAttributesA(phContext, ulAttribute, pBuffer);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "QueryContextAttributesA status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1229,6 +1332,12 @@ SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityContextToken(PCtxtHandle phContext,
status = table->QuerySecurityContextToken(phContext, phToken);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "QuerySecurityContextToken status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1253,6 +1362,12 @@ SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesW(PCtxtHandle phContext, ULO
status = table->SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "SetContextAttributesW status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1277,6 +1392,12 @@ SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesA(PCtxtHandle phContext, ULO
status = table->SetContextAttributesA(phContext, ulAttribute, pBuffer, cbBuffer);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "SetContextAttributesA status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1301,6 +1422,12 @@ SECURITY_STATUS SEC_ENTRY winpr_RevertSecurityContext(PCtxtHandle phContext)
status = table->RevertSecurityContext(phContext);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "RevertSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1327,6 +1454,12 @@ SECURITY_STATUS SEC_ENTRY winpr_DecryptMessage(PCtxtHandle phContext, PSecBuffer
status = table->DecryptMessage(phContext, pMessage, MessageSeqNo, pfQOP);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "DecryptMessage status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1351,6 +1484,12 @@ SECURITY_STATUS SEC_ENTRY winpr_EncryptMessage(PCtxtHandle phContext, ULONG fQOP
status = table->EncryptMessage(phContext, fQOP, pMessage, MessageSeqNo);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "EncryptMessage status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1375,6 +1514,12 @@ SECURITY_STATUS SEC_ENTRY winpr_MakeSignature(PCtxtHandle phContext, ULONG fQOP,
status = table->MakeSignature(phContext, fQOP, pMessage, MessageSeqNo);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "MakeSignature status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
@ -1399,6 +1544,12 @@ SECURITY_STATUS SEC_ENTRY winpr_VerifySignature(PCtxtHandle phContext, PSecBuffe
status = table->VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "VerifySignature status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}