libfreerdp-auth: started FreeContextBuffer()

2012-02-24 15:00:49 -05:00 · 2012-02-24 15:00:49 -05:00 · a30fbf3905
commit a30fbf3905
parent d8092bf380
5 changed files with 228 additions and 76 deletions
--- a/cunit/test_sspi.c
+++ b/cunit/test_sspi.c
@ -29,11 +29,13 @@

 int init_sspi_suite(void)
 {
+	sspi_GlobalInit();
 	return 0;
 }

 int clean_sspi_suite(void)
 {
+	sspi_GlobalFinish();
 	return 0;
 }

@ -196,6 +198,8 @@ void test_InitializeSecurityContext(void)
 	printf("BufferType: 0x%04X cbBuffer:%d\n", p_sec_buffer->BufferType, p_sec_buffer->cbBuffer);

 	freerdp_hexdump((uint8*) p_sec_buffer->pvBuffer, p_sec_buffer->cbBuffer);
+
+	table->FreeCredentialsHandle(&credentials);
 }


--- a/include/freerdp/auth/sspi.h
+++ b/include/freerdp/auth/sspi.h
@ -515,4 +515,9 @@ FREERDP_API SECURITY_STATUS EncryptMessage(CTXT_HANDLE* phContext, uint32 fQOP,
 FREERDP_API SECURITY_STATUS MakeSignature(CTXT_HANDLE* phContext, uint32 fQOP, SEC_BUFFER_DESC* pMessage, uint32 MessageSeqNo);
 FREERDP_API SECURITY_STATUS VerifySignature(CTXT_HANDLE* phContext, SEC_BUFFER_DESC* pMessage, uint32 MessageSeqNo, uint32* pfQOP);

+/* Custom API */
+
+void sspi_GlobalInit();
+void sspi_GlobalFinish();
+
 #endif /* FREERDP_AUTH_SSPI_H */
--- a/libfreerdp-auth/NTLM/ntlm.c
+++ b/libfreerdp-auth/NTLM/ntlm.c
@ -82,6 +82,23 @@ SECURITY_STATUS ntlm_AcquireCredentialsHandle(char* pszPrincipal, char* pszPacka
 	return SEC_E_OK;
 }

+SECURITY_STATUS ntlm_FreeCredentialsHandle(CRED_HANDLE* phCredential)
+{
+	CREDENTIALS* credentials;
+
+	if (!phCredential)
+		return SEC_E_INVALID_HANDLE;
+
+	credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
+
+	if (!credentials)
+		return SEC_E_INVALID_HANDLE;
+
+	sspi_CredentialsFree(credentials);
+
+	return SEC_E_OK;
+}
+
 SECURITY_STATUS ntlm_QueryCredentialsAttributes(CRED_HANDLE* phCredential, uint32 ulAttribute, void* pBuffer)
 {
 	if (ulAttribute == SECPKG_CRED_ATTR_NAMES)
@ -158,7 +175,7 @@ const SECURITY_FUNCTION_TABLE NTLM_SECURITY_FUNCTION_TABLE =
 	NULL, /* Reserved1 */
 	ntlm_QueryCredentialsAttributes, /* QueryCredentialsAttributes */
 	ntlm_AcquireCredentialsHandle, /* AcquireCredentialsHandle */
-	NULL, /* FreeCredentialsHandle */
+	ntlm_FreeCredentialsHandle, /* FreeCredentialsHandle */
 	NULL, /* Reserved2 */
 	ntlm_InitializeSecurityContext, /* InitializeSecurityContext */
 	NULL, /* AcceptSecurityContext */
--- a/libfreerdp-auth/sspi.c
+++ b/libfreerdp-auth/sspi.c
@ -54,6 +54,109 @@ const SECURITY_FUNCTION_TABLE_NAME SECURITY_FUNCTION_TABLE_NAME_LIST[] =
 #define SEC_HANDLE_LOWER_MAX	0xFFFFFFFF
 #define SEC_HANDLE_UPPER_MAX	0xFFFFFFFE

+struct _CONTEXT_BUFFER_ALLOC_ENTRY
+{
+	void* contextBuffer;
+	uint32 allocatorIndex;
+};
+typedef struct _CONTEXT_BUFFER_ALLOC_ENTRY CONTEXT_BUFFER_ALLOC_ENTRY;
+
+struct _CONTEXT_BUFFER_ALLOC_TABLE
+{
+	uint32 cEntries;
+	uint32 cMaxEntries;
+	CONTEXT_BUFFER_ALLOC_ENTRY* entries;
+};
+typedef struct _CONTEXT_BUFFER_ALLOC_TABLE CONTEXT_BUFFER_ALLOC_TABLE;
+
+CONTEXT_BUFFER_ALLOC_TABLE ContextBufferAllocTable;
+
+void sspi_ContextBufferAllocTableNew()
+{
+	size_t size;
+
+	ContextBufferAllocTable.cEntries = 0;
+	ContextBufferAllocTable.cMaxEntries = 64;
+
+	size = sizeof(CONTEXT_BUFFER_ALLOC_ENTRY) * ContextBufferAllocTable.cMaxEntries;
+
+	ContextBufferAllocTable.entries = xzalloc(size);
+}
+
+void sspi_ContextBufferAllocTableGrow()
+{
+	size_t size;
+	ContextBufferAllocTable.cEntries = 0;
+	ContextBufferAllocTable.cMaxEntries *= 2;
+
+	size = sizeof(CONTEXT_BUFFER_ALLOC_ENTRY) * ContextBufferAllocTable.cMaxEntries;
+
+	ContextBufferAllocTable.entries = xrealloc(ContextBufferAllocTable.entries, size);
+	memset((void*) &ContextBufferAllocTable.entries[ContextBufferAllocTable.cMaxEntries / 2], 0, size / 2);
+}
+
+void sspi_ContextBufferAllocTableFree()
+{
+	ContextBufferAllocTable.cEntries = ContextBufferAllocTable.cMaxEntries = 0;
+	xfree(ContextBufferAllocTable.entries);
+}
+
+void* sspi_ContextBufferAlloc(uint32 allocatorIndex, size_t size)
+{
+	int index;
+
+	for (index = 0; index < ContextBufferAllocTable.cMaxEntries; index++)
+	{
+		if (ContextBufferAllocTable.entries[index].contextBuffer == NULL)
+		{
+			ContextBufferAllocTable.cEntries++;
+			ContextBufferAllocTable.entries[index].contextBuffer = xzalloc(size);
+			ContextBufferAllocTable.entries[index].allocatorIndex = allocatorIndex;
+			return ContextBufferAllocTable.entries[index].contextBuffer;
+		}
+	}
+
+	/* no available entry was found, the table needs to be grown */
+
+	sspi_ContextBufferAllocTableGrow();
+
+	/* the next call to sspi_ContextBufferAlloc() should now succeed */
+
+	return sspi_ContextBufferAlloc(allocatorIndex, size);
+}
+
+void FreeContextBuffer_EnumerateSecurityPackages(SEC_PKG_INFO* pPackageInfo);
+void FreeContextBuffer_QuerySecurityPackageInfo(SEC_PKG_INFO* pPackageInfo);
+
+void sspi_ContextBufferFree(void* contextBuffer)
+{
+	int index;
+	uint32 allocatorIndex;
+
+	for (index = 0; index < ContextBufferAllocTable.cMaxEntries; index++)
+	{
+		if (contextBuffer == ContextBufferAllocTable.entries[index].contextBuffer)
+		{
+			allocatorIndex = ContextBufferAllocTable.entries[index].allocatorIndex;
+
+			ContextBufferAllocTable.cEntries--;
+			ContextBufferAllocTable.entries[index].allocatorIndex = 0;
+			ContextBufferAllocTable.entries[index].contextBuffer = NULL;
+
+			switch (allocatorIndex)
+			{
+				case EnumerateSecurityPackagesIndex:
+					FreeContextBuffer_EnumerateSecurityPackages((SEC_PKG_INFO*) contextBuffer);
+					break;
+
+				case QuerySecurityPackageInfoIndex:
+					FreeContextBuffer_QuerySecurityPackageInfo((SEC_PKG_INFO*) contextBuffer);
+					break;
+			}
+		}
+	}
+}
+
 CREDENTIALS* sspi_CredentialsNew()
 {
 	CREDENTIALS* credentials;
@ -165,79 +268,29 @@ SECURITY_FUNCTION_TABLE* sspi_GetSecurityFunctionTableByName(const char* Name)
 	return NULL;
 }

+void sspi_GlobalInit()
+{
+	sspi_ContextBufferAllocTableNew();
+}
+
+void sspi_GlobalFinish()
+{
+	sspi_ContextBufferAllocTableFree();
+}
+
 /* Package Management */

 SECURITY_STATUS EnumerateSecurityPackages(uint32* pcPackages, SEC_PKG_INFO** ppPackageInfo)
 {
-	/*
-	 * Name: Negotiate
-	 * Comment: Microsoft Package Negotiator
-	 * fCapabilities: 0x00083BB3
-	 * wVersion: 1
-	 * wRPCID: 0x0009
-	 * cbMaxToken: 0x00002FE0
-	 */
-
-	/*
-	 * Name: NegoExtender
-	 * Comment: NegoExtender Security Package
-	 * fCapabilities: 0x00113913
-	 * wVersion: 1
-	 * wRPCID: 0x001E
-	 * cbMaxToken: 0x00002EE0
-	 */
-
-	/*
-	 * Name: Kerberos
-	 * Comment: Microsoft Kerberos V1.0
-	 * fCapabilities: 0x000F3BBF
-	 * wVersion: 1
-	 * wRPCID: 0x0010
-	 * cbMaxToken: 0x00002EE0
-	 */
-
-	/*
-	 * Name: NTLM
-	 * Comment: NTLM Security Package
-	 * fCapabilities: 0x00082B37
-	 * wVersion: 1
-	 * wRPCID: 0x000A
-	 * cbMaxToken: 0x00000B48
-	 */
-
-	/*
-	 * Name: Schannel
-	 * Comment: Schannel Security Package
-	 * fCapabilities: 0x000107B3
-	 * wVersion: 1
-	 * wRPCID: 0x000E
-	 * cbMaxToken: 0x00006000
-	 */
-
-	/*
-	 * Name: TSSSP
-	 * Comment: TS Service Security Package
-	 * fCapabilities: 0x00010230
-	 * wVersion: 1
-	 * wRPCID: 0x0016
-	 * cbMaxToken: 0x000032C8
-	 */
-
-	/*
-	 * Name: CREDSSP
-	 * Comment: Microsoft CredSSP Security Provider
-	 * fCapabilities: 0x000110733
-	 * wVersion: 1
-	 * wRPCID: 0xFFFF
-	 * cbMaxToken: 0x000090A8
-	 */
-
 	int index;
+	size_t size;
 	uint32 cPackages;
 	SEC_PKG_INFO* pPackageInfo;

 	cPackages = sizeof(SEC_PKG_INFO_LIST) / sizeof(SEC_PKG_INFO*);
-	pPackageInfo = (SEC_PKG_INFO*) xmalloc(sizeof(SEC_PKG_INFO) * cPackages);
+	size = sizeof(SEC_PKG_INFO) * cPackages;
+
+	pPackageInfo = (SEC_PKG_INFO*) sspi_ContextBufferAlloc(EnumerateSecurityPackagesIndex, size);

 	for (index = 0; index < cPackages; index++)
 	{
@ -255,6 +308,25 @@ SECURITY_STATUS EnumerateSecurityPackages(uint32* pcPackages, SEC_PKG_INFO** ppP
 	return SEC_E_OK;
 }

+void FreeContextBuffer_EnumerateSecurityPackages(SEC_PKG_INFO* pPackageInfo)
+{
+	int index;
+	uint32 cPackages;
+
+	cPackages = sizeof(SEC_PKG_INFO_LIST) / sizeof(SEC_PKG_INFO*);
+
+	for (index = 0; index < cPackages; index++)
+	{
+		if (pPackageInfo[index].Name)
+			xfree(pPackageInfo[index].Name);
+
+		if (pPackageInfo[index].Comment)
+			xfree(pPackageInfo[index].Comment);
+	}
+
+	xfree(pPackageInfo);
+}
+
 SECURITY_FUNCTION_TABLE* InitSecurityInterface(void)
 {
 	SECURITY_FUNCTION_TABLE* security_function_table;
@ -266,6 +338,7 @@ SECURITY_FUNCTION_TABLE* InitSecurityInterface(void)
 SECURITY_STATUS QuerySecurityPackageInfo(char* pszPackageName, SEC_PKG_INFO** ppPackageInfo)
 {
 	int index;
+	size_t size;
 	uint32 cPackages;
 	SEC_PKG_INFO* pPackageInfo;

@ -275,7 +348,8 @@ SECURITY_STATUS QuerySecurityPackageInfo(char* pszPackageName, SEC_PKG_INFO** pp
 	{
 		if (strcmp(pszPackageName, SEC_PKG_INFO_LIST[index]->Name) == 0)
 		{
-			pPackageInfo = (SEC_PKG_INFO*) xmalloc(sizeof(SEC_PKG_INFO));
+			size = sizeof(SEC_PKG_INFO);
+			pPackageInfo = (SEC_PKG_INFO*) sspi_ContextBufferAlloc(QuerySecurityPackageInfoIndex, size);

 			pPackageInfo->fCapabilities = SEC_PKG_INFO_LIST[index]->fCapabilities;
 			pPackageInfo->wVersion = SEC_PKG_INFO_LIST[index]->wVersion;
@ -295,6 +369,17 @@ SECURITY_STATUS QuerySecurityPackageInfo(char* pszPackageName, SEC_PKG_INFO** pp
 	return SEC_E_SECPKG_NOT_FOUND;
 }

+void FreeContextBuffer_QuerySecurityPackageInfo(SEC_PKG_INFO* pPackageInfo)
+{
+	if (pPackageInfo->Name)
+		xfree(pPackageInfo->Name);
+
+	if (pPackageInfo->Comment)
+		xfree(pPackageInfo->Comment);
+
+	xfree(pPackageInfo);
+}
+
 /* Credential Management */

 SECURITY_STATUS AcquireCredentialsHandle(char* pszPrincipal, char* pszPackage,
@ -323,19 +408,26 @@ SECURITY_STATUS ExportSecurityContext(CTXT_HANDLE* phContext, uint32 fFlags, SEC

 SECURITY_STATUS FreeCredentialsHandle(CRED_HANDLE* phCredential)
 {
-	CREDENTIALS* credentials;
+	char* Name;
+	SECURITY_STATUS status;
+	SECURITY_FUNCTION_TABLE* table;

-	if (!phCredential)
-		return SEC_E_INVALID_HANDLE;
+	Name = (char*) sspi_SecureHandleGetUpperPointer(phCredential);

-	credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;

-	if (!credentials)
-		return SEC_E_INVALID_HANDLE;
+	table = sspi_GetSecurityFunctionTableByName(Name);

-	sspi_CredentialsFree(credentials);
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;

-	return SEC_E_OK;
+	if (!(table->FreeCredentialsHandle))
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->FreeCredentialsHandle(phCredential);
+
+	return status;
 }

 SECURITY_STATUS ImportSecurityContext(char* pszPackage, SEC_BUFFER* pPackedContext, void* pToken, CTXT_HANDLE* phContext)
@ -390,8 +482,10 @@ SECURITY_STATUS DeleteSecurityContext(CTXT_HANDLE* phContext)

 SECURITY_STATUS FreeContextBuffer(void* pvContextBuffer)
 {
-	if (pvContextBuffer != NULL)
-		xfree(pvContextBuffer);
+	if (!pvContextBuffer)
+		return SEC_E_INVALID_HANDLE;
+
+	sspi_ContextBufferFree(pvContextBuffer);

 	return SEC_E_OK;
 }
--- a/libfreerdp-auth/sspi.h
+++ b/libfreerdp-auth/sspi.h
@ -41,4 +41,36 @@ void* sspi_SecureHandleGetUpperPointer(SEC_HANDLE* handle);
 void sspi_SecureHandleSetUpperPointer(SEC_HANDLE* handle, void* pointer);
 void sspi_SecureHandleFree(SEC_HANDLE* handle);

+enum SecurityFunctionTableIndex
+{
+	EnumerateSecurityPackagesIndex = 1,
+	Reserved1Index = 2,
+	QueryCredentialsAttributesIndex = 3,
+	AcquireCredentialsHandleIndex = 4,
+	FreeCredentialsHandleIndex = 5,
+	Reserved2Index = 6,
+	InitializeSecurityContextIndex = 7,
+	AcceptSecurityContextIndex = 8,
+	CompleteAuthTokenIndex = 9,
+	DeleteSecurityContextIndex = 10,
+	ApplyControlTokenIndex = 11,
+	QueryContextAttributesIndex = 12,
+	ImpersonateSecurityContextIndex = 13,
+	RevertSecurityContextIndex = 14,
+	MakeSignatureIndex = 15,
+	VerifySignatureIndex = 16,
+	FreeContextBufferIndex = 17,
+	QuerySecurityPackageInfoIndex = 18,
+	Reserved3Index = 19,
+	Reserved4Index = 20,
+	ExportSecurityContextIndex = 21,
+	ImportSecurityContextIndex = 22,
+	AddCredentialsIndex = 23,
+	Reserved8Index = 24,
+	QuerySecurityContextTokenIndex = 25,
+	EncryptMessageIndex = 26,
+	DecryptMessageIndex = 27,
+	SetContextAttributesIndex = 28
+};
+
 #endif /* FREERDP_AUTH_SSPI_PRIVATE_H */