archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/protocols/digest/ctxt.cxx

654 lines
18 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 2000
  6. //
  7. // File: ctxt.cxx
  8. //
  9. // Contents: Context manipulation functions
  10. //
  11. //
  12. // History: KDamour 15Mar00 Stolen from NTLM context.cxx
  13. //
  14. //------------------------------------------------------------------------
  15. #include "global.h"
  17. // Globals for manipulating Context Lists
  19. #define DIGEST_LIST_COUNT (16) // count of lists
  20. #define DIGEST_LIST_LOCK_COUNT_MAX (4) // count of locks
  22. LIST_ENTRY DigestContextList[ DIGEST_LIST_COUNT ]; // list array.
  23. RTL_RESOURCE DigestContextLock[ DIGEST_LIST_LOCK_COUNT_MAX ]; // lock array
  24. ULONG DigestContextCount[ DIGEST_LIST_COUNT ]; // count of active contexts
  25. ULONG DigestContextLockCount;
  28. // Indicate if completed Initialization of Credential Handler
  29. BOOL g_bContextInitialized = FALSE;
  33. ULONG
  34. HandleToListIndex(
  35. ULONG_PTR ContextHandle
  36. );
  38. ULONG
  39. __inline
  40. ListIndexToLockIndex(
  41. ULONG ListIndex
  42. );
  45. //+--------------------------------------------------------------------
  46. //
  47. // Function: SspContextInitialize
  48. //
  49. // Synopsis: Initializes the context manager package
  50. //
  51. // Arguments: none
  52. //
  53. // Returns: NTSTATUS
  54. //
  55. // Notes: Called by SpInitialize
  56. //
  57. //---------------------------------------------------------------------
  58. NTSTATUS
  59. CtxtHandlerInit(VOID)
  60. {
  61. NTSTATUS Status = STATUS_SUCCESS;
  62. NT_PRODUCT_TYPE ProductType;
  63. ULONG Index;
  64. ULONG cResourcesInitialized = 0;
  66. for( Index=0 ; Index < DIGEST_LIST_COUNT ; Index++ )
  67. {
  68. InitializeListHead (&DigestContextList[Index]);
  69. }
  72. DigestContextLockCount = 1;
  75. RtlGetNtProductType( &ProductType );
  77. if( ProductType == NtProductLanManNt ||
  78. ProductType == NtProductServer )
  79. {
  80. SYSTEM_INFO si;
  82. GetSystemInfo( &si );
  84. //
  85. // if not an even power of two, bump it up.
  86. //
  88. if( si.dwNumberOfProcessors & 1 )
  89. {
  90. si.dwNumberOfProcessors++;
  91. }
  93. //
  94. // insure it fits in the confines of the max allowed.
  95. //
  97. if( si.dwNumberOfProcessors > DIGEST_LIST_LOCK_COUNT_MAX )
  98. {
  99. si.dwNumberOfProcessors = DIGEST_LIST_LOCK_COUNT_MAX;
  100. }
  102. if( si.dwNumberOfProcessors )
  103. {
  104. DigestContextLockCount = si.dwNumberOfProcessors;
  105. }
  106. }
  108. //
  109. // list count is 1, or a power of two, for index purposes.
  110. //
  112. ASSERT( (DigestContextLockCount == 1) || ((DigestContextLockCount % 2) == 0) );
  114. for (Index=0; Index < DigestContextLockCount; Index++)
  115. {
  116. __try
  117. {
  118. RtlInitializeResource(&DigestContextLock[Index]);
  119. cResourcesInitialized++; // keep track of Resources that are initialized
  120. }
  121. __except(EXCEPTION_EXECUTE_HANDLER)
  122. {
  123. Status = STATUS_INSUFFICIENT_RESOURCES;
  124. break;
  125. }
  126. }
  128. //
  129. // avoiding deleting RTL_RESOURCEs with un-initialized fields
  130. //
  132. if (!NT_SUCCESS(Status))
  133. {
  134. for (Index = 0; Index < cResourcesInitialized; Index++)
  135. {
  136. RtlDeleteResource(&DigestContextLock[Index]);
  137. }
  138. }
  140. // Simple variable test to make sure all initialized;
  141. g_bContextInitialized = TRUE;
  143. return Status;
  144. }
  147. // Add a Context into the Context List
  148. NTSTATUS
  149. CtxtHandlerInsertCred(
  150. IN PDIGEST_CONTEXT pDigestCtxt
  151. )
  152. {
  153. ULONG ListIndex;
  154. ULONG LockIndex;
  156. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerInsertCred: Entering with Context 0x%x RefCount %ld\n", pDigestCtxt, pDigestCtxt->lReferences));
  157. DebugLog((DEB_TRACE, "CtxtHandlerInsertCred: add into list\n"));
  160. ListIndex = HandleToListIndex( (ULONG_PTR)pDigestCtxt );
  161. LockIndex = ListIndexToLockIndex( ListIndex );
  163. RtlAcquireResourceExclusive(&DigestContextLock[LockIndex], TRUE);
  164. InsertHeadList( &DigestContextList[ListIndex], &pDigestCtxt->Next );
  165. RtlReleaseResource(&DigestContextLock[LockIndex]);
  167. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerInsertCred: Leaving with Context 0x%x\n", pDigestCtxt));
  169. return STATUS_SUCCESS;
  170. }
  173. // Initialize a Context into the IdleState with the data from the Credential provided
  174. NTSTATUS NTAPI
  175. ContextInit(
  176. IN OUT PDIGEST_CONTEXT pContext,
  177. IN PDIGEST_CREDENTIAL pCredential
  178. )
  179. {
  181. NTSTATUS Status = STATUS_SUCCESS;
  183. DebugLog((DEB_TRACE_FUNC, "ContextInit: Entering\n"));
  185. if (!pContext || !pCredential)
  186. {
  187. return STATUS_INVALID_PARAMETER;
  188. }
  190. ZeroMemory(pContext, sizeof(DIGEST_CONTEXT));
  192. pContext->typeQOP = QOP_UNDEFINED;
  193. pContext->typeDigest = DIGEST_UNDEFINED;
  194. pContext->typeAlgorithm = ALGORITHM_UNDEFINED;
  195. pContext->typeCipher = CIPHER_UNDEFINED;
  196. pContext->typeCharset = CHARSET_UNDEFINED;
  197. pContext->lReferences = 0;
  198. pContext->ulSendMaxBuf = SASL_MAX_DATA_BUFFER;
  199. pContext->ulRecvMaxBuf = SASL_MAX_DATA_BUFFER;
  200. pContext->ContextHandle = (ULONG_PTR)pContext;
  201. pContext->ExpirationTime = g_TimeForever; // never expire
  203. // Now copy over all the info we need from the supplied credential
  205. pContext->CredentialUseFlags = pCredential->CredentialUseFlags; // Keep the info on inbound/outbound
  207. Status = UnicodeStringDuplicate(&(pContext->ustrAccountName), &(pCredential->ustrAccountName));
  208. if (!NT_SUCCESS(Status))
  209. {
  210. DebugLog((DEB_ERROR, "ContextInit: Failed to copy Domain into Context\n"));
  211. goto CleanUp;
  212. }
  214. Status = UnicodeStringDuplicate(&(pContext->ustrDomain), &(pCredential->ustrDomain));
  215. if (!NT_SUCCESS(Status))
  216. {
  217. DebugLog((DEB_ERROR, "ContextInit: Failed to copy Domain into Context\n"));
  218. goto CleanUp;
  219. }
  221. // Copy over the Credential Password if known - thread safe - this is encrypted text
  222. Status = CredHandlerPasswdGet(pCredential, &pContext->ustrPassword);
  223. if (!NT_SUCCESS(Status))
  224. {
  225. DebugLog((DEB_ERROR, "ContextInit: CredHandlerPasswdGet error status 0x%x\n", Status));
  226. goto CleanUp;
  227. }
  229. // Set context flags based on global settings
  230. if (g_dwParameter_ClientCompat & CLIENTCOMPAT_QQOP)
  231. {
  232. pContext->ulFlags |= FLAG_CONTEXT_QUOTE_QOP;
  233. }
  235. CleanUp:
  236. DebugLog((DEB_TRACE_FUNC, "ContextInit: Leaving Status 0x%x\n", Status));
  237. return Status;
  239. }
  242. // Once done with a context - release the resouces
  243. NTSTATUS NTAPI
  244. ContextFree(
  245. IN PDIGEST_CONTEXT pContext
  246. )
  247. {
  248. NTSTATUS Status = STATUS_SUCCESS;
  249. USHORT iCnt = 0;
  251. DebugLog((DEB_TRACE_FUNC, "ContextFree: Entering with Context 0x%x\n", pContext));
  252. ASSERT(pContext);
  253. ASSERT(0 == pContext->lReferences);
  255. if (!pContext)
  256. {
  257. return STATUS_INVALID_PARAMETER;
  258. }
  260. DebugLog((DEB_TRACE, "ContextFree: Context RefCount %ld\n", pContext->lReferences));
  262. DebugLog((DEB_TRACE, "ContextFree: Checking TokenHandle for LogonID (%x:%lx)\n",
  263. pContext->LoginID.HighPart, pContext->LoginID.LowPart));
  264. if (pContext->TokenHandle)
  265. {
  266. DebugLog((DEB_TRACE, "ContextFree: Closing TokenHandle for LogonID (%x:%lx)\n",
  267. pContext->LoginID.HighPart, pContext->LoginID.LowPart));
  268. NtClose(pContext->TokenHandle);
  269. pContext->TokenHandle = NULL;
  270. }
  272. StringFree(&(pContext->strNonce));
  273. StringFree(&(pContext->strCNonce));
  274. StringFree(&(pContext->strOpaque));
  275. StringFree(&(pContext->strSessionKey));
  276. UnicodeStringFree(&(pContext->ustrDomain));
  277. UnicodeStringFree(&(pContext->ustrPassword));
  278. UnicodeStringFree(&(pContext->ustrAccountName));
  280. StringFree(&(pContext->strResponseAuth));
  282. for (iCnt = 0; iCnt < MD5_AUTH_LAST; iCnt++)
  283. {
  284. StringFree(&(pContext->strDirective[iCnt]));
  285. }
  287. DigestFreeMemory(pContext);
  289. DebugLog((DEB_TRACE_FUNC, "ContextFree: Leaving with Context 0x%x\n", pContext));
  290. return Status;
  292. }
  296. /*++
  298. Routine Description:
  300. This routine checks to see if the Context is for the specified
  301. Client Connection, and references the Context if it is valid.
  303. The caller may optionally request that the Context be
  304. removed from the list of valid Contexts - preventing future
  305. requests from finding this Context.
  307. Arguments:
  309. ContextHandle - Points to the ContextHandle of the Context
  310. to be referenced.
  312. RemoveContext - This boolean value indicates whether the caller
  313. wants the Context to be removed from the list
  314. of Contexts. TRUE indicates the Context is to be removed.
  315. FALSE indicates the Context is not to be removed.
  318. Return Value:
  320. NULL - the Context was not found.
  322. Otherwise - returns a pointer to the referenced Context.
  324. --*/
  325. NTSTATUS NTAPI
  326. CtxtHandlerHandleToContext(
  327. IN ULONG_PTR ContextHandle,
  328. IN BOOLEAN RemoveContext,
  329. OUT PDIGEST_CONTEXT *ppContext
  330. )
  331. {
  332. NTSTATUS Status = STATUS_SUCCESS;
  333. PLIST_ENTRY ListEntry = NULL;
  334. PDIGEST_CONTEXT Context = NULL;
  335. LONG lReferences = 0;
  337. ULONG ListIndex;
  338. ULONG LockIndex;
  340. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerHandleToContext: Entering ContextHandle 0x%lx\n", ContextHandle));
  342. //
  343. // Acquire access to the Context list
  344. //
  347. ListIndex = HandleToListIndex( ContextHandle );
  348. LockIndex = ListIndexToLockIndex( ListIndex );
  350. RtlAcquireResourceShared(&DigestContextLock[LockIndex], TRUE);
  353. //
  354. // Now walk the list of Contexts looking for a match.
  355. //
  357. for ( ListEntry = DigestContextList[ListIndex].Flink;
  358. ListEntry != &DigestContextList[ListIndex];
  359. ListEntry = ListEntry->Flink ) {
  361. Context = CONTAINING_RECORD( ListEntry, DIGEST_CONTEXT, Next );
  363. //
  364. // Found a match ... reference this Context
  365. // (if the Context is being removed, we would increment
  366. // and then decrement the reference, so don't bother doing
  367. // either - since they cancel each other out).
  368. //
  370. if ( Context == (PDIGEST_CONTEXT) ContextHandle)
  371. {
  372. if (!RemoveContext)
  373. {
  374. //
  375. // Timeout this context if caller is not trying to remove it.
  376. // We only timeout contexts that are being setup, not
  377. // fully authenticated contexts.
  378. //
  380. if (CtxtHandlerTimeHasElapsed(Context))
  381. {
  382. DebugLog((DEB_ERROR, "CtxtHandlerHandleToContext: Context 0x%lx has timed out.\n",
  383. ContextHandle ));
  384. Status = SEC_E_CONTEXT_EXPIRED;
  385. goto CleanUp;
  386. }
  388. lReferences = InterlockedIncrement(&Context->lReferences);
  389. }
  390. else
  391. {
  392. RtlConvertSharedToExclusive(&DigestContextLock[LockIndex]);
  393. RemoveEntryList( &Context->Next );
  395. DebugLog((DEB_TRACE, "CtxtHandlerHandleToContext:Delinked Context 0x%lx\n",Context ));
  396. }
  398. DebugLog((DEB_TRACE, "CtxtHandlerHandleToContext: FOUND Context = 0x%x, RemoveContext = %d, ReferenceCount = %ld\n",
  399. Context, RemoveContext, Context->lReferences));
  400. *ppContext = Context;
  401. goto CleanUp;
  402. }
  404. }
  406. //
  407. // No match found
  408. //
  410. DebugLog((DEB_WARN, "CtxtHandlerHandleToContext: Tried to reference unknown Context 0x%lx\n", ContextHandle ));
  411. Status = STATUS_OBJECT_NAME_NOT_FOUND;
  413. CleanUp:
  415. RtlReleaseResource(&DigestContextLock[LockIndex]);
  417. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerHandleToContext: Leaving\n" ));
  419. return(Status);
  420. }
  424. /*++
  426. Routine Description:
  428. This routine checks to see if the LogonId is for the specified
  429. Server Connection, and references the Context if it is valid.
  431. The caller may optionally request that the Context be
  432. removed from the list of valid Contexts - preventing future
  433. requests from finding this Context.
  435. Arguments:
  437. pstrOpaque - Opaque string that uniquely references the SecurityContext
  440. Return Value:
  442. NULL - the Context was not found.
  444. Otherwise - returns a pointer to the referenced Context.
  446. --*/
  447. NTSTATUS NTAPI
  448. CtxtHandlerOpaqueToPtr(
  449. IN PSTRING pstrOpaque,
  450. OUT PDIGEST_CONTEXT *ppContext
  451. )
  452. {
  453. NTSTATUS Status = STATUS_SUCCESS;
  454. PLIST_ENTRY ListEntry = NULL;
  455. PDIGEST_CONTEXT Context = NULL;
  456. LONG rc = 0;
  457. LONG lReferences = 0;
  459. ULONG ListIndex;
  460. ULONG LockIndex = 0;
  462. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerOpaqueToPtr: Entering Opaque (%Z)\n", pstrOpaque));
  464. //
  465. // Acquire access to the Context list
  466. //
  468. for(ListIndex = 0; ListIndex < DIGEST_LIST_COUNT ; ListIndex++)
  469. {
  470. LockIndex = ListIndexToLockIndex( ListIndex );
  472. RtlAcquireResourceShared(&DigestContextLock[LockIndex], TRUE);
  474. //
  475. // Now walk the list of Contexts looking for a match.
  476. //
  478. for ( ListEntry = DigestContextList[ListIndex].Flink;
  479. ListEntry != &DigestContextList[ListIndex];
  480. ListEntry = ListEntry->Flink ) {
  482. Context = CONTAINING_RECORD( ListEntry, DIGEST_CONTEXT, Next );
  484. //
  485. // Found a match ... reference this Context
  486. // (if the Context is being removed, we would increment
  487. // and then decrement the reference, so don't bother doing
  488. // either - since they cancel each other out).
  489. //
  491. rc = RtlCompareString(pstrOpaque, &(Context->strOpaque), FALSE);
  492. if (!rc)
  493. {
  495. //
  496. // Timeout this context if caller is not trying to remove it.
  497. // We only timeout contexts that are being setup, not
  498. // fully authenticated contexts.
  499. //
  501. if (CtxtHandlerTimeHasElapsed(Context))
  502. {
  503. RtlReleaseResource(&DigestContextLock[LockIndex]);
  504. DebugLog((DEB_ERROR, "CtxtHandlerOpaqueToPtr: Context 0x%x has timed out.\n",
  505. Context ));
  506. Status = SEC_E_CONTEXT_EXPIRED;
  507. goto CleanUp;
  508. }
  510. lReferences = InterlockedIncrement(&Context->lReferences);
  512. RtlReleaseResource(&DigestContextLock[LockIndex]);
  514. DebugLog((DEB_TRACE, "CtxtHandlerOpaqueToPtr: FOUND Context = 0x%x, ReferenceCount = %ld\n",
  515. Context, Context->lReferences));
  516. *ppContext = Context;
  517. goto CleanUp;
  518. }
  520. }
  522. RtlReleaseResource(&DigestContextLock[LockIndex]);
  523. }
  525. //
  526. // No match found
  527. //
  529. DebugLog((DEB_WARN, "CtxtHandlerOpaqueToPtr: Tried to reference unknown Opaque (%Z)\n", pstrOpaque));
  530. Status = STATUS_OBJECT_NAME_NOT_FOUND;
  532. CleanUp:
  534. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerOpaqueToPtr: Leaving\n" ));
  536. return(Status);
  537. }
  541. // Check the Creation time with the Current time.
  542. // If the difference is greater than the MAX allowed, Context is no longer valid
  543. BOOL
  544. CtxtHandlerTimeHasElapsed(
  545. PDIGEST_CONTEXT pContext)
  546. {
  547. UNREFERENCED_PARAMETER(pContext);
  549. return (FALSE); // no expiration at this time
  550. }
  554. //+--------------------------------------------------------------------
  555. //
  556. // Function: CtxtHandlerRelease
  557. //
  558. // Synopsis: Releases the Context by decreasing reference counter
  559. //
  560. // Arguments: pContext - pointer to credential to de-reference
  561. //
  562. // Returns: NTSTATUS
  563. //
  564. // Notes:
  565. //
  566. //---------------------------------------------------------------------
  567. NTSTATUS
  568. CtxtHandlerRelease(
  569. PDIGEST_CONTEXT pContext,
  570. ULONG ulDereferenceCount)
  571. {
  572. NTSTATUS Status = STATUS_SUCCESS;
  573. LONG lReferences = 0;
  575. if (ulDereferenceCount == 1)
  576. {
  577. lReferences = InterlockedDecrement(&pContext->lReferences);
  579. DebugLog((DEB_TRACE, "CtxtHandlerRelease: (RefCount) deref 0x%x updated references %ld\n",
  580. pContext, lReferences));
  582. ASSERT( lReferences >= 0 );
  583. }
  584. else if (ulDereferenceCount > 0)
  585. {
  586. //
  587. // there is no equivalent to InterlockedSubtract.
  588. // so, turn it into an Add with some signed magic.
  589. //
  591. LONG lDecrementToIncrement = 0 - ulDereferenceCount;
  593. DebugLog((DEB_TRACE, "CtxtHandlerRelease: Dereferencing by %lu count\n", ulDereferenceCount ));
  595. lReferences = InterlockedExchangeAdd( &pContext->lReferences, lDecrementToIncrement );
  596. lReferences += lDecrementToIncrement;
  598. ASSERT( lReferences >= 0 );
  599. }
  601. //
  602. // If the count has dropped to zero, then free all alloced stuff
  603. //
  605. if (lReferences == 0)
  606. {
  607. DebugLog((DEB_TRACE, "CtxtHandlerRelease: (RefCount) freed 0x%x\n", pContext));
  608. Status = ContextFree(pContext);
  609. }
  611. return(Status);
  612. }
  616. ULONG
  617. HandleToListIndex(
  618. ULONG_PTR ContextHandle
  619. )
  620. {
  621. ULONG Number ;
  622. ULONG Hash;
  623. ULONG HashFinal;
  625. Number = (ULONG)ContextHandle;
  627. Hash = Number;
  628. Hash += Number >> 8;
  629. Hash += Number >> 16;
  630. Hash += Number >> 24;
  632. HashFinal = Hash;
  633. HashFinal += Hash >> 4;
  635. //
  636. // insure power of two if not one.
  637. //
  639. return ( HashFinal & (DIGEST_LIST_COUNT-1) ) ;
  640. }
  642. ULONG
  643. __inline
  644. ListIndexToLockIndex(
  645. ULONG ListIndex
  646. )
  647. {
  648. //
  649. // insure power of two if not one.
  650. //
  652. return ( ListIndex & (DigestContextLockCount-1) );
  653. }