archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetcore/winhttp/v5.1/auth/sspspm.cxx

531 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*#----------------------------------------------------------------------------
  2. **
  3. ** File: sspspm.c
  4. **
  5. ** Synopsis: Security Protocol Module for SSPI Authentication providers.
  6. **
  7. ** This module contains major funtions of the SEC_SSPI.DLL which
  8. ** allows the Internet Explorer to use SSPI providers for authentication.
  9. ** The function exported to the Internet Explorer is Ssp_Load() which
  10. ** passes the address of the Ssp__DownCall() function to the Explorer.
  11. ** Then the Explorer will call Ssp__DownCall() when it needs service from
  12. ** this SPM DLL. The two major functions called by Ssp__DownCall() to
  13. ** service Explorer's request are Ssp__PreProcessRequest() and
  14. ** Ssp__ProcessResponse(). In brief, Ssp__PreProcessRequest() is
  15. ** called before the Explorer sends out a request which does not have
  16. ** any 'Authorization' header yet. And Ssp__ProcessResponse() is called
  17. ** whenever the Explorer receives an 401 'Unauthorized' response from the
  18. ** server. This SPM DLL supports all SSPI packages which are installed
  19. ** on the machine.
  20. **
  21. ** This SPM DLL is called by the Internet Explorer only for its
  22. ** The Internet Explorer only calls this SPM DLL when it needs
  23. ** authentication data in its request/response. In other words, the
  24. ** Explorer never calls this SPM DLL when an authentication succeeded;
  25. ** it never calls this DLL when it decide to give up on a connection
  26. ** because of server response timeout. Because of this fact, this SPM
  27. ** DLL never has sufficient information on the state of each server
  28. ** connection; it only know its state based on the content of the last
  29. ** request and the content of the current response. For this reason, this
  30. ** SPM DLL does not keep state information for each host it has visited
  31. ** unless the information is essential.
  32. ** The security context handle returned from the first call of
  33. ** InitializeSecurityContext() for NEGOTIATE message generation is
  34. ** always the identical for a SSPI package when the same server host is
  35. ** passed. Since the server host name is always in the request/response
  36. ** header, the only information essential in generating a NEGOTIATE or
  37. ** RESPONSE is already available in the header. So unlike most SSPI
  38. ** application, this DLL will not keep the security context handle which
  39. ** it received from the SSPI function calls. Whenever it needs to call
  40. ** the SSPI function for generating a RESPONSE, it will first call the
  41. ** SSPI function without the CHALLENGE to get a security context handle.
  42. ** Then it calls the SSPI function again with the CHALLENGE to generate
  43. ** a RESPONSE.
  44. **
  45. **
  46. ** Copyright (C) 1995 Microsoft Corporation. All Rights Reserved.
  47. **
  48. ** Authors: LucyC Created 25 Sept. 1995
  49. **
  50. **---------------------------------------------------------------------------*/
  51. #include <wininetp.h>
  52. #include <ntlmsp.h>
  53. #include "sspspm.h"
  55. //
  56. // Global variable where all the SSPI Pkgs data is collected
  57. //
  59. SspData *g_pSspData;
  62. HINSTANCE g_hSecLib = NULL;
  64. /*-----------------------------------------------------------------------------
  65. **
  66. ** Function: SpmAddSSPIPkg
  67. **
  68. ** Synopsis: This function adds a SSPI package to the SPM's package list.
  69. **
  70. ** Arguments: pData - Points to the private SPM data structure containing
  71. ** the package list and the package info.
  72. ** pPkgName - package name
  73. ** cbMaxToken - max size of security token
  74. **
  75. ** Returns: The index in the package list where this new package is added.
  76. ** If failed to add the new package, SSPPKG_ERROR is returned.
  77. **
  78. ** History: LucyC Created 21 Oct. 1995
  79. **
  80. **---------------------------------------------------------------------------*/
  81. static UCHAR
  82. SpmAddSSPIPkg (
  83. SspData *pData,
  84. LPTSTR pPkgName,
  85. ULONG cbMaxToken
  86. )
  87. {
  88. if ( (pData->PkgList[pData->PkgCnt] =
  89. (SSPAuthPkg *)LocalAlloc(0, sizeof(SSPAuthPkg))) == NULL)
  90. {
  91. return SSPPKG_ERROR;
  92. }
  94. if ( (pData->PkgList[pData->PkgCnt]->pName =
  95. (LPSTR)LocalAlloc(0, lstrlen(pPkgName)+1)) == NULL)
  96. {
  97. LocalFree(pData->PkgList[pData->PkgCnt]);
  98. pData->PkgList[pData->PkgCnt] = NULL;
  99. return SSPPKG_ERROR;
  100. }
  102. lstrcpy (pData->PkgList[pData->PkgCnt]->pName, pPkgName);
  103. pData->PkgList[ pData->PkgCnt ]->Capabilities = 0 ;
  105. pData->PkgList[ pData->PkgCnt ]->cbMaxToken = cbMaxToken;
  107. //
  108. // Determine if this package supports anything of interest to
  109. // us.
  110. //
  112. if ( lstrcmpi( pPkgName, NTLMSP_NAME_A ) == 0 )
  113. {
  114. //
  115. // NTLM supports the standard credential structure
  116. //
  118. pData->PkgList[ pData->PkgCnt ]->Capabilities |= SSPAUTHPKG_SUPPORT_NTLM_CREDS ;
  119. }
  120. else if ( lstrcmpi( pPkgName, "Negotiate" ) == 0 )
  121. {
  122. //
  123. // Negotiate supports that cred structure too
  124. //
  126. pData->PkgList[ pData->PkgCnt ]->Capabilities |= SSPAUTHPKG_SUPPORT_NTLM_CREDS ;
  128. }
  129. else
  130. {
  131. //
  132. // Add more comparisons here, eventually.
  133. //
  135. ;
  136. }
  138. pData->PkgCnt++;
  139. return (pData->PkgCnt - 1);
  140. }
  142. /*-----------------------------------------------------------------------------
  143. **
  144. ** Function: SpmFreePkgList
  145. **
  146. ** Synopsis: This function frees memory allocated for the package list.
  147. **
  148. ** Arguments: pData - Points to the private SPM data structure containing
  149. ** the package list and the package info.
  150. **
  151. ** Returns: void.
  152. **
  153. ** History: LucyC Created 21 Oct. 1995
  154. **
  155. **---------------------------------------------------------------------------*/
  156. static VOID
  157. SpmFreePkgList (
  158. SspData *pData
  159. )
  160. {
  161. int ii;
  163. for (ii = 0; ii < pData->PkgCnt; ii++)
  164. {
  165. LocalFree(pData->PkgList[ii]->pName);
  167. LocalFree(pData->PkgList[ii]);
  168. }
  170. LocalFree(pData->PkgList);
  171. }
  174. /*-----------------------------------------------------------------------------
  175. **
  176. ** Function: Ssp__Unload
  177. **
  178. ** Synopsis: This function is called by the Internet Explorer before
  179. ** the SPM DLL is unloaded from the memory.
  180. **
  181. ** Arguments: fpUI - From Explorer for making all UI_SERVICE call
  182. ** pvOpaqueOS - From Explorer for making all UI_SERVICE call
  183. ** htspm - the SPM structure which contains the global data
  184. ** storage for this SPM DLL.
  185. **
  186. ** Returns: always returns SPM_STATUS_OK, which means successful.
  187. **
  188. ** History: LucyC Created 25 Sept. 1995
  189. **
  190. **---------------------------------------------------------------------------*/
  191. DWORD SSPI_Unload()
  192. {
  193. if (!AuthLock())
  194. {
  195. return SPM_STATUS_INSUFFICIENT_BUFFER;
  196. }
  198. if (g_pSspData != NULL)
  199. {
  200. SpmFreePkgList(g_pSspData);
  201. LocalFree(g_pSspData);
  202. g_pSspData = NULL;
  203. }
  205. if (g_hSecLib)
  206. {
  207. FreeLibrary (g_hSecLib);
  208. g_hSecLib = NULL;
  209. }
  211. AuthUnlock();
  213. return SPM_STATUS_OK;
  214. }
  216. /*-----------------------------------------------------------------------------
  217. **
  218. ** Function: SspSPM_InitData
  219. **
  220. ** Synopsis: This function allocates and initializes global data structure
  221. ** of the SPM DLL.
  222. **
  223. ** Arguments:
  224. **
  225. ** Returns: Pointer to the allocated global data structure.
  226. **
  227. ** History: LucyC Created 25 Sept. 1995
  228. **
  229. **---------------------------------------------------------------------------*/
  230. LPVOID SSPI_InitGlobals(void)
  231. {
  232. SspData *pData = NULL;
  233. OSVERSIONINFO VerInfo;
  234. INIT_SECURITY_INTERFACE addrProcISI = NULL;
  236. SECURITY_STATUS sstat;
  237. ULONG ii, cntPkg;
  238. PSecPkgInfo pPkgInfo = NULL;
  239. PSecurityFunctionTable pFuncTbl = NULL;
  241. if (g_pSspData)
  242. return g_pSspData;
  244. static BOOL Initializing = FALSE;
  245. static BOOL Initialized = FALSE;
  247. if (!AuthLock())
  248. {
  249. goto done;
  250. }
  252. if (Initializing)
  253. {
  254. //if re-entered on same thread, fail.
  255. goto leave;
  256. }
  257. else if (g_pSspData)
  258. {
  259. //else some other thread succeeded, and we can fall out.
  260. goto leave;
  261. }
  262. else if (Initialized)
  263. {
  264. //else if we've failed initialization for non-entrancy reasons, don't reattempt
  265. goto leave;
  266. }
  268. Initializing = TRUE;
  270. //Ensure that the AuthLock is never abandoned.
  271. __try
  272. {
  273. //
  274. // Initialize SSP SPM Global Data
  275. //
  277. VerInfo.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
  278. if (!GetVersionEx (&VerInfo)) // If this fails, something has gone wrong
  279. {
  280. goto quit;
  281. }
  283. if (VerInfo.dwPlatformId != VER_PLATFORM_WIN32_NT)
  284. {
  285. goto quit;
  286. }
  288. if ((pData = (SspData *) LocalAlloc(0, sizeof(SspData))) == NULL) {
  290. goto quit;
  292. }
  294. //
  295. // Keep these information in global SPM
  296. //
  297. ZeroMemory (pData, sizeof(SspData));
  299. //
  300. // Load Security DLL
  301. //
  302. g_hSecLib = LoadLibrary (SSP_SPM_NT_DLL);
  303. if (g_hSecLib == NULL)
  304. {
  305. // This should never happen.
  306. LocalFree(pData);
  307. pData = NULL;
  308. goto Cleanup;
  309. }
  311. addrProcISI = (INIT_SECURITY_INTERFACE) GetProcAddress( g_hSecLib,
  312. SECURITY_ENTRYPOINT);
  313. if (addrProcISI == NULL)
  314. {
  315. LocalFree(pData);
  316. pData = NULL;
  317. goto Cleanup;
  318. }
  320. //
  321. // Get the SSPI function table
  322. //
  323. pFuncTbl = (*addrProcISI)();
  325. if (pFuncTbl == NULL)
  326. {
  327. LocalFree(pData);
  328. pData = NULL;
  329. goto Cleanup;
  330. }
  332. //
  333. // Get list of packages supported
  334. //
  335. sstat = (*(pFuncTbl->EnumerateSecurityPackages))(&cntPkg, &pPkgInfo);
  336. if (sstat != SEC_E_OK || pPkgInfo == NULL)
  337. {
  338. //
  339. // ??? Should we give up here ???
  340. // EnumerateSecurityPackage() failed
  341. //
  342. goto Cleanup;
  343. }
  345. if (cntPkg)
  346. {
  347. //
  348. // Create the package list
  349. //
  350. if ((pData->PkgList = (PSSPAuthPkg *)LocalAlloc(0,
  351. cntPkg*sizeof(PSSPAuthPkg))) == NULL)
  352. {
  353. goto Cleanup;
  354. }
  355. }
  357. for (ii = 0; ii < cntPkg; ii++)
  358. {
  359. //DebugTrace(SSPSPMID, "Found %s SSPI package\n",
  360. // pPkgInfo[ii].Name);
  362. if (SpmAddSSPIPkg (pData,
  363. pPkgInfo[ii].Name,
  364. pPkgInfo[ii].cbMaxToken
  365. ) == SSPPKG_ERROR)
  366. {
  367. goto Cleanup;
  368. }
  369. }
  371. pData->pFuncTbl = pFuncTbl;
  372. pData->bKeepList = TRUE;
  374. if (pData->PkgCnt == 0)
  375. {
  376. goto Cleanup;
  377. }
  379. g_pSspData = pData;
  380. pData = NULL;
  381. }
  382. __except(EXCEPTION_EXECUTE_HANDLER)
  383. {
  384. goto Cleanup;
  385. }
  386. ENDEXCEPT
  388. Cleanup:
  391. if( pPkgInfo != NULL )
  392. {
  393. //
  394. // Free buffer returned by the enumerate security package function
  395. //
  397. (*(pFuncTbl->FreeContextBuffer))(pPkgInfo);
  398. }
  400. if( pData != NULL )
  401. {
  402. SpmFreePkgList (pData);
  403. }
  405. /*
  406. if (g_hSecLib)
  407. {
  408. FreeLibrary (g_hSecLib);
  409. g_hSecLib = NULL;
  410. }
  411. */
  414. quit:
  415. Initialized = TRUE;
  416. Initializing = FALSE;
  418. //jump here if you grabbed the auth lock but don't want to affect Init*
  419. leave:
  420. AuthUnlock();
  422. //jump here IFF you didn't grab the Authlock
  423. done:
  424. return (g_pSspData);
  425. }
  427. INT
  428. GetPkgId(LPTSTR lpszPkgName)
  429. {
  430. int ii;
  432. if ( g_pSspData == NULL )
  433. {
  434. return -1;
  435. }
  437. if (!AuthLock())
  438. {
  439. return -1;
  440. }
  442. for (ii = 0; ii < g_pSspData->PkgCnt; ii++)
  443. {
  444. if (!lstrcmp(g_pSspData->PkgList[ii]->pName, lpszPkgName))
  445. {
  446. AuthUnlock();
  447. return(ii);
  448. }
  449. }
  451. AuthUnlock();
  452. return(-1);
  453. }
  455. DWORD
  456. GetPkgCapabilities(
  457. INT Package
  458. )
  459. {
  460. if (!AuthLock())
  461. {
  462. return 0;
  463. }
  465. DWORD dwCaps;
  466. if ( Package < g_pSspData->PkgCnt )
  467. {
  468. dwCaps = g_pSspData->PkgList[ Package ]->Capabilities ;
  469. }
  470. else
  471. dwCaps = 0 ;
  473. AuthUnlock();
  474. return dwCaps;
  475. }
  477. ULONG
  478. GetPkgMaxToken(
  479. INT Package
  480. )
  481. {
  482. if (!AuthLock())
  483. {
  484. return MAX_AUTH_MSG_SIZE;
  485. }
  487. ULONG dwMaxToken;
  489. if ( Package < g_pSspData->PkgCnt )
  490. {
  491. dwMaxToken = g_pSspData->PkgList[ Package ]->cbMaxToken;
  492. }
  493. else {
  494. // be compatible with old static buffer size
  495. dwMaxToken = MAX_AUTH_MSG_SIZE;
  496. }
  498. AuthUnlock();
  499. return dwMaxToken;
  500. }
  502. //
  503. // Calls to this function are serialized
  504. //
  506. DWORD_PTR SSPI_InitScheme (LPCSTR lpszScheme)
  507. {
  508. int ii;
  510. if (!SSPI_InitGlobals())
  511. return 0;
  513. if (!AuthLock())
  514. {
  515. return 0;
  516. }
  517. // Once initialized, check to see if this scheme is installed
  518. for (ii = 0; ii < g_pSspData->PkgCnt &&
  519. lstrcmp (g_pSspData->PkgList[ii]->pName, lpszScheme); ii++);
  521. if (ii >= g_pSspData->PkgCnt)
  522. {
  523. // This scheme is not installed on this machine
  524. AuthUnlock();
  525. return (0);
  526. }
  528. AuthUnlock();
  529. return ((DWORD_PTR)g_pSspData);
  530. }