From 73991c48ce6b993f2c8a9abe780d8106bf2f5b18 Mon Sep 17 00:00:00 2001
From: Ondrej Holy
Date: Fri, 19 Apr 2024 14:56:05 +0200
Subject: [PATCH] [winpr,ncrypt] obtain module path from provider
Currently, the module path is hardcoded in the build_pkinit_args function. Let's obtain the module path from provider as a preparation for the follow-up changes.
---
 libfreerdp/core/smartcardlogon.c | 7 +++----
 winpr/include/winpr/ncrypt.h | 8 ++++++++
 winpr/libwinpr/ncrypt/ncrypt.c | 9 +++++++++
 winpr/libwinpr/ncrypt/ncrypt.h | 2 ++
 winpr/libwinpr/ncrypt/ncrypt_pkcs11.c | 16 ++++++++++++++++
 5 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/libfreerdp/core/smartcardlogon.c b/libfreerdp/core/smartcardlogon.c
index f3f558192..98c4d9925 100644
--- a/libfreerdp/core/smartcardlogon.c
+++ b/libfreerdp/core/smartcardlogon.c
@@ -243,13 +243,12 @@ static BOOL set_info_certificate(SmartcardCertInfo* cert, BYTE* certBytes, DWORD
 }
 #ifndef _WIN32
-static BOOL build_pkinit_args(const rdpSettings* settings, SmartcardCertInfo* scCert)
+static BOOL build_pkinit_args(NCRYPT_PROV_HANDLE provider, SmartcardCertInfo* scCert)
 {
 /* pkinit args only under windows
 * PKCS11:module_name=opensc-pkcs11.so
 */
- const char* Pkcs11Module = freerdp_settings_get_string(settings, FreeRDP_Pkcs11Module);
- const char* pkModule = Pkcs11Module ? Pkcs11Module : "opensc-pkcs11.so";
+ const char* pkModule = winpr_NCryptGetModulePath(provider);
 size_t size = 0;
 if (winpr_asprintf(&scCert->pkinitArgs, &size, "PKCS11:module_name=%s:slotid=%" PRIu16,
@@ -515,7 +514,7 @@ static BOOL list_provider_keys(const rdpSettings* settings, NCRYPT_PROV_HANDLE p
 goto endofloop;
 #ifndef _WIN32
- if (!build_pkinit_args(settings, cert))
+ if (!build_pkinit_args(provider, cert))
 {
 WLog_ERR(TAG, "error build pkinit args");
 goto endofloop;
diff --git a/winpr/include/winpr/ncrypt.h b/winpr/include/winpr/ncrypt.h
index 5f83a98a9..8c19d403f 100644
--- a/winpr/include/winpr/ncrypt.h
+++ b/winpr/include/winpr/ncrypt.h
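Review bot: In libfreerdp/core/smartcardlogon.c, build_pkinit_args now feeds the result of `winpr_NCryptGetModulePath(provider)` straight into the `%s` of the winpr_asprintf call, and that result can be NULL. The wrapper added in winpr/libwinpr/ncrypt/ncrypt.c returns NULL when WITH_PKCS11 is not defined, and the `_strdup` added in NCryptOpenP11StorageProviderEx is not checked, so an allocation failure there also leaves modulePath NULL while the open still reports success. The removed lines always fell back to `"opensc-pkcs11.so"`, so this is a behaviour change as well as a NULL-into-`%s` hazard. I would add `if (!pkModule) return FALSE;` before the format call so a missing path fails the logon setup instead of producing a malformed pkinit argument string, and check the `_strdup` result where it is assigned. The body of build_pkinit_args continues past the end of the hunk.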
@@ -212,6 +212,14 @@ extern "C"
 */
 WINPR_API const char* winpr_NCryptSecurityStatusError(SECURITY_STATUS status);
+ /**
+ * Gives a module path of provider handle
+ *
+ * @param phProvider [in] provider handle
+ * @return module path
+ */
+ WINPR_API const char* winpr_NCryptGetModulePath(NCRYPT_PROV_HANDLE phProvider);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/winpr/libwinpr/ncrypt/ncrypt.c b/winpr/libwinpr/ncrypt/ncrypt.c
index df9c5e1e1..40f92bb73 100644
--- a/winpr/libwinpr/ncrypt/ncrypt.c
+++ b/winpr/libwinpr/ncrypt/ncrypt.c
@@ -345,3 +345,12 @@ const char* winpr_NCryptSecurityStatusError(SECURITY_STATUS status)
 #undef NTE_CASE
 }
+
+const char* winpr_NCryptGetModulePath(NCRYPT_PROV_HANDLE phProvider)
+{
+#if defined(WITH_PKCS11)
+ return NCryptGetModulePath(phProvider);
+#else
+ return NULL;
+#endif
+}
diff --git a/winpr/libwinpr/ncrypt/ncrypt.h b/winpr/libwinpr/ncrypt/ncrypt.h
index 222f65536..2f3f2d8fe 100644
--- a/winpr/libwinpr/ncrypt/ncrypt.h
+++ b/winpr/libwinpr/ncrypt/ncrypt.h
@@ -89,6 +89,8 @@ void* ncrypt_new_handle(NCryptHandleType kind, size_t len, NCryptGetPropertyFn g
 SECURITY_STATUS NCryptOpenP11StorageProviderEx(NCRYPT_PROV_HANDLE* phProvider, LPCWSTR pszProviderName, DWORD dwFlags, LPCSTR* modulePaths);
+
+const char* NCryptGetModulePath(NCRYPT_PROV_HANDLE phProvider);
 #endif
 #endif /* WINPR_LIBWINPR_NCRYPT_NCRYPT_H_ */
diff --git a/winpr/libwinpr/ncrypt/ncrypt_pkcs11.c b/winpr/libwinpr/ncrypt/ncrypt_pkcs11.c
index 4e643b4e8..573fea0ca 100644
--- a/winpr/libwinpr/ncrypt/ncrypt_pkcs11.c
+++ b/winpr/libwinpr/ncrypt/ncrypt_pkcs11.c
@@ -42,6 +42,7 @@ typedef struct
 HANDLE library;
 CK_FUNCTION_LIST_PTR p11;
+ char* modulePath;
 } NCryptP11ProviderHandle;
 /** @brief a handle returned by NCryptOpenKey */
@@ -112,6 +113,8 @@ static SECURITY_STATUS NCryptP11StorageProvider_dtor(NCRYPT_HANDLE handle)
 {
 }
+ free(provider->modulePath);
+
 if (provider->library)
 FreeLibrary(provider->library);
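Review bot: The doc comment added for winpr_NCryptGetModulePath in winpr/include/winpr/ncrypt.h does not tell callers that the return value can be NULL or who owns the string. The other hunks of this patch show the string is stored in the provider handle and freed in NCryptP11StorageProvider_dtor, and that the wrapper returns NULL without WITH_PKCS11. I would change the return line to `@return module path owned by the provider (do not free; valid until the provider handle is released), or NULL if unavailable`. The `@param` line could also state that the handle must come from the PKCS#11 storage provider, since the implementation casts it to that type.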
@@ -1242,6 +1245,7 @@ SECURITY_STATUS NCryptOpenP11StorageProviderEx(NCRYPT_PROV_HANDLE* phProvider,
 HANDLE library = LoadLibrary(*modulePaths);
 typedef CK_RV (*c_get_function_list_t)(CK_FUNCTION_LIST_PTR_PTR);
 c_get_function_list_t c_get_function_list = NULL;
+ NCryptP11ProviderHandle* provider = NULL;
 WLog_DBG(TAG, "Trying pkcs11-helper module '%s'", *modulePaths);
 if (!library)
@@ -1264,6 +1268,9 @@ SECURITY_STATUS NCryptOpenP11StorageProviderEx(NCRYPT_PROV_HANDLE* phProvider,
 goto out_load_library;
 }
+ provider = (NCryptP11ProviderHandle*)*phProvider;
+ provider->modulePath = _strdup(*modulePaths);
+
 WLog_DBG(TAG, "module '%s' loaded", *modulePaths);
 return ERROR_SUCCESS;
@@ -1275,3 +1282,12 @@ SECURITY_STATUS NCryptOpenP11StorageProviderEx(NCRYPT_PROV_HANDLE* phProvider,
 return status;
 }
+
+const char* NCryptGetModulePath(NCRYPT_PROV_HANDLE phProvider)
+{
+ NCryptP11ProviderHandle* provider = (NCryptP11ProviderHandle*)phProvider;
+
+ WINPR_ASSERT(provider);
+
+ return provider->modulePath;
+}
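Review bot: NCryptGetModulePath at the end of winpr/libwinpr/ncrypt/ncrypt_pkcs11.c casts phProvider to `NCryptP11ProviderHandle*` with only `WINPR_ASSERT(provider)` in front of the dereference, and the WINPR_API wrapper makes it reachable by any caller. A key handle or a stale value would be read as the wrong structure. If WINPR_ASSERT is compiled out in release builds (not visible here), a NULL handle is dereferenced as well. Since this is public API, I would validate rather than assert, using the existing handle check before the cast: `if (checkNCryptHandle((NCRYPT_HANDLE)phProvider, WINPR_NCRYPT_PROVIDER) != ERROR_SUCCESS) return NULL;`. Callers then need the NULL handling described for build_pkinit_args.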