//+----------------------------------------------------------------------- // // Microsoft Windows // // Copyright (c) Microsoft Corporation 1992 - 1994 // // File: support.cxx // // Contents: support routines for ksecdd.sys // // // History: 3-7-94 Created MikeSw // //------------------------------------------------------------------------ #include // // Global Variables: // BOOLEAN fInitialized = FALSE; SecurityFunctionTable SecTable = {SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION, EnumerateSecurityPackages, NULL, // LogonUser, AcquireCredentialsHandle, FreeCredentialsHandle, NULL, // QueryCredentialAttributes, InitializeSecurityContext, AcceptSecurityContext, CompleteAuthToken, DeleteSecurityContext, ApplyControlToken, QueryContextAttributes, ImpersonateSecurityContext, RevertSecurityContext, MakeSignature, VerifySignature, FreeContextBuffer, NULL, // QuerySecurityPackageInfo SealMessage, UnsealMessage }; #pragma alloc_text(PAGE, SecAllocate) #pragma alloc_text(PAGE, SecFree) #pragma alloc_text(PAGE, IsOkayToExec) #pragma alloc_text(PAGE, InitSecurityInterfaceW) #pragma alloc_text(PAGE, MapSecurityError) #pragma alloc_text(PAGE, GetTokenBuffer) #pragma alloc_text(PAGE, GetSecurityToken) //+------------------------------------------------------------------------- // // Function: SecAllocate // // Synopsis: // // Effects: // // Arguments: // // Requires: // // Returns: // // Notes: // // //-------------------------------------------------------------------------- VOID * SEC_ENTRY SecAllocate(ULONG cbMemory) { PAGED_CODE(); return(ExAllocatePool(PagedPool, cbMemory)); } //+------------------------------------------------------------------------- // // Function: SecFree // // Synopsis: // // Effects: // // Arguments: // // Requires: // // Returns: // // Notes: // // //-------------------------------------------------------------------------- void SEC_ENTRY SecFree(PVOID pvMemory) { PAGED_CODE(); ExFreePool(pvMemory); } //+------------------------------------------------------------------------- // // Function: IsOkayToExec // // Synopsis: Determines if it is okay to make a call to the SPM // // Effects: Binds if necessary to the SPM // // Arguments: // // Requires: // // Returns: // // Notes: uses IsSPMgrReady and InitState // //-------------------------------------------------------------------------- SECURITY_STATUS IsOkayToExec(PClient * ppClient) { SECURITY_STATUS scRet; PClient pClient; PAGED_CODE(); if (NT_SUCCESS(LocateClient(&pClient))) { if (ppClient) *ppClient = pClient; return(STATUS_SUCCESS); } scRet = CreateClient(&pClient); if (!NT_SUCCESS(scRet)) { return(scRet); } if (ppClient) *ppClient = pClient; return(STATUS_SUCCESS); } //+------------------------------------------------------------------------- // // Function: InitSecurityInterfaceW // // Synopsis: returns function table of all the security function and, // more importantly, create a client session. // // Effects: // // Arguments: // // Requires: // // Returns: // // Notes: // //-------------------------------------------------------------------------- PSecurityFunctionTableW SEC_ENTRY InitSecurityInterfaceW(void) { SECURITY_STATUS scRet; PAGED_CODE(); scRet = IsOkayToExec(NULL); if (!NT_SUCCESS(scRet)) { DebugLog((DEB_ERROR, "Failed to init security interface: 0x%x\n",scRet)); return(NULL); } return(&SecTable); } //+------------------------------------------------------------------------- // // Function: MapSecurityError // // Synopsis: maps a HRESULT from the security interface to a NTSTATUS // // Effects: // // Arguments: // // Requires: // // Returns: // // Notes: // // //-------------------------------------------------------------------------- NTSTATUS SEC_ENTRY MapSecurityError(HRESULT Error) { PAGED_CODE(); return((NTSTATUS) Error); } //+------------------------------------------------------------------------- // // Function: GetTokenBuffer // // Synopsis: // // This routine parses a Token Descriptor and pulls out the useful // information. // // Effects: // // Arguments: // // TokenDescriptor - Descriptor of the buffer containing (or to contain) the // token. If not specified, TokenBuffer and TokenSize will be returned // as NULL. // // BufferIndex - Index of the token buffer to find (0 for first, 1 for // second). // // TokenBuffer - Returns a pointer to the buffer for the token. // // TokenSize - Returns a pointer to the location of the size of the buffer. // // ReadonlyOK - TRUE if the token buffer may be readonly. // // Requires: // // Returns: // // TRUE - If token buffer was properly found. // // Notes: // // //-------------------------------------------------------------------------- BOOLEAN GetTokenBuffer( IN PSecBufferDesc TokenDescriptor OPTIONAL, IN ULONG BufferIndex, OUT PVOID * TokenBuffer, OUT PULONG TokenSize, IN BOOLEAN ReadonlyOK ) { ULONG i, Index = 0; PAGED_CODE(); // // If there is no TokenDescriptor passed in, // just pass out NULL to our caller. // if ( !ARGUMENT_PRESENT( TokenDescriptor) ) { *TokenBuffer = NULL; *TokenSize = 0; return TRUE; } // // Check the version of the descriptor. // if ( TokenDescriptor->ulVersion != SECBUFFER_VERSION ) { return FALSE; } // // Loop through each described buffer. // for ( i=0; icBuffers ; i++ ) { PSecBuffer Buffer = &TokenDescriptor->pBuffers[i]; if ( (Buffer->BufferType & (~SECBUFFER_READONLY)) == SECBUFFER_TOKEN ) { // // If the buffer is readonly and readonly isn't OK, // reject the buffer. // if ( !ReadonlyOK && (Buffer->BufferType & SECBUFFER_READONLY) ) { return FALSE; } if (Index != BufferIndex) { Index++; continue; } // // Return the requested information // *TokenBuffer = Buffer->pvBuffer; *TokenSize = Buffer->cbBuffer; return TRUE; } } return FALSE; } //+------------------------------------------------------------------------- // // Function: GetSecurityToken // // Synopsis: // This routine parses a Token Descriptor and pulls out the useful // information. // // Effects: // // Arguments: // TokenDescriptor - Descriptor of the buffer containing (or to contain) the // token. If not specified, TokenBuffer and TokenSize will be returned // as NULL. // // BufferIndex - Index of the token buffer to find (0 for first, 1 for // second). // // TokenBuffer - Returns a pointer to the buffer for the token. // // Requires: // // Returns: // // TRUE - If token buffer was properly found. // // Notes: // // //-------------------------------------------------------------------------- BOOLEAN GetSecurityToken( IN PSecBufferDesc TokenDescriptor OPTIONAL, IN ULONG BufferIndex, OUT PSecBuffer * TokenBuffer ) { ULONG i; ULONG Index = 0; PAGED_CODE(); // // If there is no TokenDescriptor passed in, // just pass out NULL to our caller. // if ( !ARGUMENT_PRESENT( TokenDescriptor) ) { *TokenBuffer = NULL; return TRUE; } // // Check the version of the descriptor. // if ( TokenDescriptor->ulVersion != SECBUFFER_VERSION ) { return FALSE; } // // Loop through each described buffer. // for ( i=0; icBuffers ; i++ ) { PSecBuffer Buffer = &TokenDescriptor->pBuffers[i]; if ( (Buffer->BufferType & (~SECBUFFER_READONLY)) == SECBUFFER_TOKEN ) { // // If the buffer is readonly and readonly isn't OK, // reject the buffer. // if ( Buffer->BufferType & SECBUFFER_READONLY ) { return FALSE; } if (Index != BufferIndex) { Index++; continue; } // // Return the requested information // *TokenBuffer = Buffer; return TRUE; } } return FALSE; }