archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/inetcore/winhttp/v5.1/auth/digest.cxx

582 lines
17 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. #include <wininetp.h>
  2. #include <splugin.hxx>
  3. #include <security.h>
  4. #include "auth.h"
  6. #define SSP_SPM_NT_DLL "security.dll"
  8. #define OUTPUT_BUFFER_LEN 10000
  10. #define HEADER_IDX 0
  11. #define REALM_IDX 1
  12. #define HOST_IDX 2
  13. #define URL_IDX 3
  14. #define METHOD_IDX 4
  15. #define USER_IDX 5
  16. #define PASS_IDX 6
  17. #define NONCE_IDX 7
  18. #define NC_IDX 8
  19. #define HWND_IDX 9
  20. #define NUM_BUFF 10
  22. #define ISC_MODE_AUTH 0
  23. #define ISC_MODE_PREAUTH 1
  24. #define ISC_MODE_UI 2
  26. struct DIGEST_PKG_DATA
  27. {
  28. LPSTR szAppCtx;
  29. LPSTR szUserCtx;
  30. };
  32. //
  33. // IsSecHandleZero( CtxtHandle)
  34. // Utility function for working with SSPI. It can be used for Security Handles,
  35. // Context Handles, and Credential handles.
  36. //
  37. // Some SSPI functions that maintain a context handle initially take NULL
  38. //as the address of that handle, and then the address of the handle, as an
  39. //input param. To track whether or not it is an initial call, we check if
  40. //the context handle is zero.
  41. //
  42. bool IsSecHandleZero( CtxtHandle h)
  43. {
  44. return h.dwUpper == 0 && h.dwLower == 0;
  45. };
  48. /*-----------------------------------------------------------------------------
  49. DIGEST_CTX
  50. -----------------------------------------------------------------------------*/
  52. // Globals
  53. CCritSec DIGEST_CTX::s_CritSection;
  54. HINSTANCE DIGEST_CTX::g_hSecLib = NULL;
  55. PSecurityFunctionTable DIGEST_CTX::g_pFuncTbl = NULL;
  56. unsigned int DIGEST_CTX::g_iUniquePerDigestCtxInt; // let it start at a mildly pseudorandom value.
  59. /*---------------------------------------------------------------------------
  60. static DIGEST_CTX::GlobalInitialize()
  61. ---------------------------------------------------------------------------*/
  62. BOOL DIGEST_CTX::GlobalInitialize()
  63. {
  64. if (g_pFuncTbl != NULL)
  65. return TRUE;
  66. else if (!s_CritSection.Lock())
  67. return FALSE;
  69. //
  70. // Get the global SSPI dispatch table. (get g_hSecLib and then g_pFuncTbl)
  71. //
  72. if (g_hSecLib == NULL)
  73. {
  74. OSVERSIONINFO VerInfo;
  76. VerInfo.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
  78. GetVersionEx (&VerInfo);
  80. if (VerInfo.dwPlatformId == VER_PLATFORM_WIN32_NT)
  81. {
  82. g_hSecLib = LoadLibrary (SSP_SPM_NT_DLL);
  83. }
  84. }
  86. if (g_pFuncTbl == NULL && g_hSecLib != NULL)
  87. {
  88. INIT_SECURITY_INTERFACE addrProcISI = NULL;
  89. addrProcISI = (INIT_SECURITY_INTERFACE) GetProcAddress(g_hSecLib,
  90. SECURITY_ENTRYPOINT_ANSI);
  91. if (addrProcISI != NULL)
  92. g_pFuncTbl = (*addrProcISI)();
  93. }
  95. s_CritSection.Unlock();
  97. return g_pFuncTbl != NULL;
  98. }
  100. /*---------------------------------------------------------------------------
  101. static DIGEST_CTX::GlobalRelease()
  102. ---------------------------------------------------------------------------*/
  103. void DIGEST_CTX::GlobalRelease()
  104. {
  105. g_pFuncTbl = NULL;
  107. if( g_hSecLib != NULL)
  108. {
  109. FreeLibrary( g_hSecLib);
  110. g_hSecLib = NULL;
  111. }
  112. }
  114. /*---------------------------------------------------------------------------
  115. DIGEST_CTX::GetRequestUri
  116. ---------------------------------------------------------------------------*/
  117. LPSTR DIGEST_CTX::GetRequestUri()
  118. {
  119. LPSTR szUrl;
  120. DWORD cbUrl;
  122. URL_COMPONENTSA sUrl;
  124. memset(&sUrl, 0, sizeof(sUrl));
  125. sUrl.dwStructSize = sizeof(sUrl);
  126. sUrl.dwHostNameLength = (DWORD)-1;
  127. sUrl.dwUrlPathLength = (DWORD)-1;
  128. sUrl.dwExtraInfoLength = (DWORD)-1;
  130. szUrl = _pRequest->GetURL();
  132. // Generate request-uri
  133. if (WinHttpCrackUrlA(szUrl, strlen(szUrl), 0, &sUrl))
  134. {
  135. cbUrl = sUrl.dwUrlPathLength;
  136. szUrl = New CHAR[cbUrl+1];
  138. if (!szUrl)
  139. {
  140. // Alloc failure. Return NULL. We will
  141. // use _pRequest->GetURL instead.
  142. return NULL;
  143. }
  145. memcpy(szUrl, sUrl.lpszUrlPath, cbUrl);
  146. szUrl[cbUrl] = '\0';
  147. }
  148. else
  149. {
  150. // ICU failed. Return NULL which
  151. // will cause _pRequest->GetURL
  152. // to be used.
  153. return NULL;
  154. }
  156. return szUrl;
  157. }
  160. /*---------------------------------------------------------------------------
  161. DIGEST_CTX::InitSecurityBuffers
  162. ---------------------------------------------------------------------------*/
  163. VOID DIGEST_CTX::InitSecurityBuffers(LPSTR szOutBuf, DWORD cbOutBuf,
  164. LPDWORD pdwSecFlags, DWORD dwISCMode)
  165. {
  166. LPSTR lpszPass = NULL;
  168. // Input Buffer.
  169. _SecBuffInDesc.cBuffers = NUM_BUFF;
  170. _SecBuffInDesc.pBuffers = _SecBuffIn;
  172. // Set Header
  173. _SecBuffIn[HEADER_IDX].pvBuffer = _szData;
  174. _SecBuffIn[HEADER_IDX].cbBuffer = _cbData;
  175. _SecBuffIn[HEADER_IDX].BufferType = SECBUFFER_TOKEN;
  177. // If credentials are supplied will be set to
  178. // ISC_REQ_USE_SUPPLIED_CREDS.
  179. // If prompting for auth dialog will be set to
  180. // ISC_REQ_PROMPT_FOR_CREDS.
  181. *pdwSecFlags = 0;
  183. // Set realm if no header, otherwise NULL.
  184. if (_SecBuffIn[HEADER_IDX].pvBuffer || _pCreds->lpszRealm == NULL)
  185. {
  186. _SecBuffIn[REALM_IDX].pvBuffer = NULL;
  187. _SecBuffIn[REALM_IDX].cbBuffer = 0;
  188. }
  189. else
  190. {
  191. // We are preauthenticating using the realm
  192. _SecBuffIn[REALM_IDX].pvBuffer = _pCreds->lpszRealm;
  193. _SecBuffIn[REALM_IDX].cbBuffer = strlen(_pCreds->lpszRealm);
  194. }
  196. // Host.
  197. _SecBuffIn[HOST_IDX].pvBuffer = _pCreds->lpszHost;
  198. _SecBuffIn[HOST_IDX].cbBuffer = strlen(_pCreds->lpszHost);
  199. _SecBuffIn[HOST_IDX].BufferType = SECBUFFER_TOKEN;
  202. // Request URI.
  203. if (!_szRequestUri)
  204. {
  205. _szRequestUri = GetRequestUri();
  206. if (_szRequestUri)
  207. _SecBuffIn[URL_IDX].pvBuffer = _szRequestUri;
  208. else
  209. _SecBuffIn[URL_IDX].pvBuffer = _pRequest->GetURL();
  210. }
  212. _SecBuffIn[URL_IDX].cbBuffer = strlen((LPSTR) _SecBuffIn[URL_IDX].pvBuffer);
  213. _SecBuffIn[URL_IDX].BufferType = SECBUFFER_TOKEN;
  216. LPSTR lpszVerb;
  217. DWORD dwVerbLength;
  218. lpszVerb = _pRequest->_RequestHeaders.GetVerb(&dwVerbLength);
  219. if(NULL != _pszVerb)
  220. delete[] _pszVerb;
  221. _pszVerb = new CHAR[dwVerbLength+1];
  222. if (_pszVerb)
  223. {
  224. memcpy(_pszVerb, lpszVerb, dwVerbLength);
  225. _pszVerb[dwVerbLength] = 0;
  226. }
  228. // HTTP method.
  229. _SecBuffIn[METHOD_IDX].pvBuffer = _pszVerb;
  230. _SecBuffIn[METHOD_IDX].cbBuffer = dwVerbLength;
  231. // MapHttpMethodType(_pRequest->GetMethodType(), (LPCSTR*) &_SecBuffIn[METHOD_IDX].pvBuffer);
  232. _SecBuffIn[METHOD_IDX].BufferType = SECBUFFER_TOKEN;
  234. if (_SecBuffIn[PASS_IDX].pvBuffer)
  235. {
  236. INET_ASSERT(strlen((LPCSTR)_SecBuffIn[PASS_IDX].pvBuffer) == _SecBuffIn[PASS_IDX].cbBuffer);
  237. SecureZeroMemory(_SecBuffIn[PASS_IDX].pvBuffer, _SecBuffIn[PASS_IDX].cbBuffer);
  238. FREE_MEMORY(_SecBuffIn[PASS_IDX].pvBuffer);
  239. }
  241. // User and pass might be provided from Creds entry. Use only if
  242. // we have a challenge header (we don't pre-auth using supplied creds).
  243. if (dwISCMode == ISC_MODE_AUTH && _pCreds->lpszUser && *_pCreds->lpszUser
  244. && (lpszPass = _pCreds->GetPass()) && *lpszPass)
  245. {
  246. // User.
  247. _SecBuffIn[USER_IDX].pvBuffer = _pCreds->lpszUser;
  248. _SecBuffIn[USER_IDX].cbBuffer = strlen(_pCreds->lpszUser);
  249. _SecBuffIn[USER_IDX].BufferType = SECBUFFER_TOKEN;
  251. // Pass.
  252. _SecBuffIn[PASS_IDX].pvBuffer = lpszPass;
  253. _SecBuffIn[PASS_IDX].cbBuffer = strlen(lpszPass);
  254. _SecBuffIn[PASS_IDX].BufferType = SECBUFFER_TOKEN;
  255. *pdwSecFlags = ISC_REQ_USE_SUPPLIED_CREDS;
  256. }
  257. else
  258. {
  259. // User.
  260. _SecBuffIn[USER_IDX].pvBuffer = NULL;
  261. _SecBuffIn[USER_IDX].cbBuffer = 0;
  262. _SecBuffIn[USER_IDX].BufferType = SECBUFFER_TOKEN;
  264. // Pass.
  265. _SecBuffIn[PASS_IDX].pvBuffer = NULL;
  266. _SecBuffIn[PASS_IDX].cbBuffer = 0;
  267. _SecBuffIn[PASS_IDX].BufferType = SECBUFFER_TOKEN;
  268. }
  270. // If the 'if' statement above caused the lpszPass variable to be allocated
  271. // but it was not assigned to _SecBuffIn[PASS_IDX].pvBuffer, then free it.
  272. if (lpszPass != NULL && _SecBuffIn[PASS_IDX].pvBuffer == NULL)
  273. {
  274. SecureZeroMemory(lpszPass, strlen(lpszPass));
  275. FREE_MEMORY(lpszPass);
  276. }
  278. if (dwISCMode == ISC_MODE_UI)
  279. *pdwSecFlags = ISC_REQ_PROMPT_FOR_CREDS;
  281. // Out Buffer.
  282. _SecBuffOutDesc.cBuffers = 1;
  283. _SecBuffOutDesc.pBuffers = _SecBuffOut;
  284. _SecBuffOut[0].pvBuffer = szOutBuf;
  285. _SecBuffOut[0].cbBuffer = cbOutBuf;
  286. _SecBuffOut[0].BufferType = SECBUFFER_TOKEN;
  287. }
  290. /*---------------------------------------------------------------------------
  291. Constructor
  292. ---------------------------------------------------------------------------*/
  293. DIGEST_CTX::DIGEST_CTX(HTTP_REQUEST_HANDLE_OBJECT *pRequest, BOOL fIsProxy,
  294. SPMData *pSPM, AUTH_CREDS* pCreds)
  295. : AUTHCTX(pSPM, pCreds)
  296. {
  297. _fIsProxy = fIsProxy;
  298. _pRequest = pRequest;
  300. _szAlloc = NULL;
  301. _szData = NULL;
  302. _pvContext = NULL;
  303. _szRequestUri = NULL;
  304. _cbData = 0;
  305. _cbContext = 0;
  307. _pszVerb = NULL;
  310. // Zero out the security buffers and request context.
  311. memset(&_SecBuffInDesc, 0, sizeof(_SecBuffInDesc));
  312. memset(&_SecBuffOutDesc, 0, sizeof(_SecBuffInDesc));
  313. memset(_SecBuffIn, 0, sizeof(_SecBuffIn));
  314. memset(_SecBuffOut, 0, sizeof(_SecBuffOut));
  315. // On the first call to InitializeSecurityContext() it doesn't have a valid handle,
  316. //but afterwards _hCtxt is a handle to accumulated data.
  317. memset(&_hCtxt, 0, sizeof(_hCtxt));
  318. _szUserCtx[0] = '\0';
  319. memset(&_hCred, 0, sizeof(_hCred));
  321. //
  322. // Initialize class global stuff if necessary
  323. //
  324. if (!DIGEST_CTX::GlobalInitialize())
  325. return; // failure indicated by IsSecHandleZero(_hCred)
  327. //
  328. // Get credentials handle unique to this digest context
  329. //
  330. SEC_WINNT_AUTH_IDENTITY_EXA SecIdExA;
  331. DIGEST_PKG_DATA PkgData;
  332. sprintf(_szUserCtx, "digest%pn%x", pRequest, g_iUniquePerDigestCtxInt++);
  334. PkgData.szAppCtx = PkgData.szUserCtx = _szUserCtx;
  335. memset(&SecIdExA, 0, sizeof(SEC_WINNT_AUTH_IDENTITY_EXA));
  337. SecIdExA.Version = sizeof(SEC_WINNT_AUTH_IDENTITY_EXA);
  338. SecIdExA.User = (unsigned char*) &PkgData;
  339. SecIdExA.UserLength = sizeof( PkgData);
  341. (*(g_pFuncTbl->AcquireCredentialsHandleA))
  342. (NULL, "Digest", SECPKG_CRED_OUTBOUND, NULL, &SecIdExA, NULL, 0, &_hCred, NULL);
  344. // success indicated by !IsSecHandleZero(_hCred)
  345. }
  348. /*---------------------------------------------------------------------------
  349. Destructor
  350. ---------------------------------------------------------------------------*/
  351. DIGEST_CTX::~DIGEST_CTX()
  352. {
  353. if(!IsSecHandleZero(_hCtxt))
  354. {
  355. (*(g_pFuncTbl->DeleteSecurityContext))( &_hCtxt);
  356. }
  358. if( !IsSecHandleZero( _hCred))
  359. {
  360. (*(g_pFuncTbl->FreeCredentialsHandle))(&_hCred);
  361. }
  363. if (_szAlloc)
  364. delete [] _szAlloc;
  366. if (_pvContext)
  367. delete [] _pvContext;
  369. if (_szRequestUri)
  370. delete [] _szRequestUri;
  372. if (_pszVerb)
  373. delete [] _pszVerb;
  375. if (_SecBuffIn[PASS_IDX].pvBuffer)
  376. {
  377. INET_ASSERT(strlen((LPCSTR)_SecBuffIn[PASS_IDX].pvBuffer) == _SecBuffIn[PASS_IDX].cbBuffer);
  378. SecureZeroMemory(_SecBuffIn[PASS_IDX].pvBuffer, _SecBuffIn[PASS_IDX].cbBuffer);
  379. FREE_MEMORY(_SecBuffIn[PASS_IDX].pvBuffer);
  380. }
  381. }
  384. /*---------------------------------------------------------------------------
  385. PreAuthUser
  386. ---------------------------------------------------------------------------*/
  387. DWORD DIGEST_CTX::PreAuthUser(OUT LPSTR pBuff, IN OUT LPDWORD pcbBuff)
  388. {
  389. SECURITY_STATUS ssResult = SEC_E_OK;
  390. INET_ASSERT(_pSPMData == _pCreds->pSPM);
  392. if (IsSecHandleZero(_hCred))
  393. return ERROR_WINHTTP_INTERNAL_ERROR;
  395. if (AuthLock())
  396. {
  397. // If a response has been generated copy into output buffer.
  398. if (_cbContext)
  399. {
  400. memcpy(pBuff, _pvContext, _cbContext);
  401. *pcbBuff = _cbContext;
  402. }
  403. // Otherwise attempt to preauthenticate.
  404. else
  405. {
  406. // Call into the SSPI package.
  407. DWORD sf;
  408. InitSecurityBuffers(pBuff, *pcbBuff, &sf, ISC_MODE_AUTH);
  410. ssResult = (*(g_pFuncTbl->InitializeSecurityContext))
  411. (&_hCred, (IsSecHandleZero(_hCtxt) ? NULL : &_hCtxt), NULL, sf, 0, 0,
  412. &_SecBuffInDesc, 0, &_hCtxt, &_SecBuffOutDesc, NULL, NULL);
  413. INET_ASSERT( !IsSecHandleZero( _hCtxt));
  415. *pcbBuff = _SecBuffOut[0].cbBuffer;
  416. }
  418. AuthUnlock();
  419. }
  421. return (DWORD) ssResult;
  422. }
  424. /*---------------------------------------------------------------------------
  425. UpdateFromHeaders
  426. ---------------------------------------------------------------------------*/
  427. DWORD DIGEST_CTX::UpdateFromHeaders(HTTP_REQUEST_HANDLE_OBJECT *pRequest, BOOL fIsProxy)
  428. {
  429. if (IsSecHandleZero(_hCred))
  430. return ERROR_WINHTTP_INTERNAL_ERROR;
  432. if (!AuthLock())
  433. {
  434. return ERROR_NOT_ENOUGH_MEMORY;
  435. }
  437. DWORD dwError, dwAuthIdx;
  438. LPSTR szRealm;
  439. DWORD cbRealm;
  441. // Get the associated header.
  442. if ((dwError = FindHdrIdxFromScheme(&dwAuthIdx)) != ERROR_SUCCESS)
  443. goto exit;
  445. // If this auth ctx does not have Creds then it has been
  446. // just been constructed in response to a 401.
  447. if (!_pCreds)
  448. {
  449. // Get any realm.
  450. dwError = GetAuthHeaderData(pRequest, fIsProxy, "Realm",
  451. &szRealm, &cbRealm, ALLOCATE_BUFFER, dwAuthIdx);
  453. if (dwError != ERROR_SUCCESS)
  454. {
  455. goto exit;
  456. }
  458. _pCreds = CreateCreds(pRequest, fIsProxy, _pSPMData, szRealm);
  460. if (pRequest->_pszRealm)
  461. {
  462. FREE_MEMORY(pRequest->_pszRealm);
  463. }
  464. pRequest->_pszRealm = szRealm;
  465. szRealm = NULL;
  467. if (_pCreds)
  468. {
  469. INET_ASSERT(_pCreds->pSPM == _pSPMData);
  470. }
  471. else
  472. {
  473. dwError = ERROR_WINHTTP_INTERNAL_ERROR;
  474. goto exit;
  475. }
  476. }
  477. else if (_pCreds != NULL && _cbContext)
  478. {
  479. // else if we have credentials and had authorization data with the last request,
  480. //then we failed to authenticate.
  481. dwError = ERROR_WINHTTP_INCORRECT_PASSWORD;
  482. goto exit;
  483. }
  485. // Updating the buffer - delete old one if necessary.
  486. if (_szAlloc)
  487. {
  488. delete [] _szAlloc;
  489. _szAlloc = _szData = NULL;
  490. _cbData = 0;
  491. }
  493. // Get the entire authentication header.
  494. dwError = GetAuthHeaderData(pRequest, fIsProxy, NULL,
  495. &_szAlloc, &_cbData, ALLOCATE_BUFFER, dwAuthIdx);
  497. if (dwError != ERROR_SUCCESS)
  498. {
  499. goto exit;
  500. }
  502. // Point just past scheme
  503. _szData = _szAlloc;
  504. while (*_szData != ' ')
  505. {
  506. _szData++;
  507. _cbData--;
  508. }
  510. // The request will be retried.
  511. dwError = ERROR_SUCCESS;
  513. exit:
  514. AuthUnlock();
  515. return dwError;
  516. }
  520. /*---------------------------------------------------------------------------
  521. PostAuthUser
  522. ---------------------------------------------------------------------------*/
  523. DWORD DIGEST_CTX::PostAuthUser()
  524. {
  525. if (IsSecHandleZero(_hCred))
  526. return ERROR_WINHTTP_INTERNAL_ERROR;
  528. if (!AuthLock())
  529. {
  530. return ERROR_NOT_ENOUGH_MEMORY;
  531. }
  533. INET_ASSERT(_pSPMData == _pCreds->pSPM);
  535. DWORD dwError;
  536. SECURITY_STATUS ssResult;
  538. // Allocate an output buffer if not done so already.
  539. if (!_pvContext)
  540. {
  541. _pvContext = New CHAR[OUTPUT_BUFFER_LEN];
  542. if (!_pvContext)
  543. {
  544. dwError = ERROR_NOT_ENOUGH_MEMORY;
  545. goto exit;
  546. }
  547. }
  549. _cbContext = OUTPUT_BUFFER_LEN;
  552. // Call into the SSPI package.
  554. DWORD sf;
  555. InitSecurityBuffers((LPSTR) _pvContext, _cbContext, &sf, ISC_MODE_AUTH);
  556. ssResult = (*(g_pFuncTbl->InitializeSecurityContext))
  557. (&_hCred, (IsSecHandleZero(_hCtxt) ? NULL : &_hCtxt), NULL, sf,
  558. 0, 0, &_SecBuffInDesc, 0, &_hCtxt, &_SecBuffOutDesc, NULL, NULL);
  559. INET_ASSERT( !IsSecHandleZero( _hCtxt));
  560. _cbContext = _SecBuffOutDesc.pBuffers[0].cbBuffer;
  562. switch(ssResult)
  563. {
  564. case SEC_E_OK:
  565. {
  566. dwError = ERROR_WINHTTP_FORCE_RETRY;
  567. break;
  568. }
  569. case SEC_E_NO_CREDENTIALS:
  570. {
  571. dwError = ERROR_WINHTTP_INCORRECT_PASSWORD;
  572. break;
  573. }
  574. default:
  575. dwError = ERROR_WINHTTP_LOGIN_FAILURE;
  576. }
  578. exit:
  579. _pRequest->SetCreds(NULL);
  580. AuthUnlock();
  581. return dwError;
  582. }